Re: Migrating to Community-driven Infrastructure - Step 1: Inventory
 

The limitations are both legal and for usage. Both sites clearly state these are for use by an individual for their own personal usage. Non-persons (like incorporated NFP) are not entitiled to get/use the free versions.

Even if we did get one, it would be for one site. Currently there are at least three separate site SSLs (bugs, garage, and another I can't recall). Wild-card certificates are different than single-site certificates, and just about every certificate authority will charge for those, even for individual use.

In the end, it will boil down to how urgent the need is vs the cost. Again, the cost of keeping a server up will dwarf the cost of getting an SSL certificate. (Servers cost more than 5 cents a day to keep running, in general.) But that's something to be decided later. If/when the Board gets the domain, servers, and/or enough funding to make any of the rest of this happen.

Re: Migrating to Community-driven Infrastructure - Step 1: Inventory
 

Actually, CAcert are fine with organisations and don't have a paid version even if you wanted one. The catch is that their root cert is not pre-installed too widely yet (although Maemo used to ship with it).

Wiki & lists at least, possibly others.

They are one option, others include subjectAltName, SNI, and of course one cert per hostname as is the current situation.

IMO TLS is not optional, but as I said any verifiable cert is fine by me, even if it's a self-signed one with a PGP-signed post of the fingerprints to the mailing list.