Your message dated Wed, 14 Dec 2011 19:47:22 +0000
with message-id <[email protected]>
and subject line Bug#647849: fixed in ca-certificates 20111211
has caused the Debian Bug report #647849,
regarding ca-certificates: removal of signet.pl's CAs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
647849: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647849
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Severity: grave
Version: 20080809
Hi,
During a review of signet.pl's CAs in ca-certficiates, I've found several
issues that prompt me to remove them from all the current releases of ca-
certificates.
* signet_ca1_pem.crt
notAfter=Sep 23 13:18:17 2011 GMT [EXPIRED]
NO CRL
NO OCSP
Bits=1024
* signet_ca2_pem.crt
notAfter=Apr 18 12:53:07 2017 GMT
NO OCSP
CRL=http://www.signet.pl/repozytorium/crl/pca2.crl
Last Update: Jan 4 11:39:13 2007 GMT
Next Update: Jan 4 11:44:13 2008 GMT [EXPIRED]
Bits=2048
* signet_ca3_pem.crt
notAfter=Apr 28 10:50:55 2008 GMT [EXPIRED]
NO CRL
NO OCSP
Bits=2048
* signet_ocspklasa2_pem.crt
notAfter=Apr 18 12:53:07 2017 GMT
CRL=http://www.signet.pl/repozytorium/crl/klasa2.crl
Last Update: Jan 4 10:36:58 2007 GMT
Next Update: Jan 5 10:36:58 2007 GMT [EXPIRED]
NO OCSP
Bits=1024
* signet_ocspklasa3_pem.crt
notAfter=Apr 28 10:50:55 2008 GMT [EXPIRED]
CRL=http://www.signet.pl/kwalifikowane/repozytorium/crl/klasa3.crl
Last Update: Jun 30 10:56:24 2006 GMT
Next Update: Jul 1 10:56:24 2006 GMT [EXPIRED]
NO OCSP
Bits=1024
* signet_pca2_pem.crt
notAfter=Sep 21 15:42:19 2026 GMT
CRL=http://www.signet.pl/repozytorium/rootca/rootca.crl
Last Update: Jan 4 12:27:13 2007 GMT
Next Update: Jan 5 12:32:13 2008 GMT [EXPIRED]
NO OCSP
Bits=2048
* signet_pca3_pem.crt
notAfter=Sep 21 15:42:19 2026 GMT
CRL=http://www.signet.pl/repozytorium/rootca/rootca.crl
Last Update: Jan 4 12:27:13 2007 GMT
Next Update: Jan 5 12:32:13 2008 GMT [EXPIRED]
NO OCSP
Bits=2048
* signet_rootca_pem.crt
notAfter=Sep 21 15:42:19 2026 GMT
NO CRL
NO OCSP
Bits=2048
* signet_tsa1_pem.crt
notAfter=Sep 23 11:18:17 2011 GMT [EXPIRED]
CRL=http://www.signet.pl/repozytorium/crl/klasa1.crl
Last Update: Aug 1 09:38:22 2006 GMT
Next Update: Aug 3 09:38:22 2006 GMT [EXPIRED]
NO OCSP
Bits=1024
Additionally, I have found no trace of them after a quick search. signet.pl's
website only contains one root CA, which was never included in Debian.
Unless there's a well-founded argument against its removal, I plan to remove
them from lenny, squeeze, and sid.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20111211
We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive:
ca-certificates_20111211.dsc
to main/c/ca-certificates/ca-certificates_20111211.dsc
ca-certificates_20111211.tar.gz
to main/c/ca-certificates/ca-certificates_20111211.tar.gz
ca-certificates_20111211_all.deb
to main/c/ca-certificates/ca-certificates_20111211_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Shuler <[email protected]> (supplier of updated ca-certificates
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 11 Dec 2011 19:05:32 -0600
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20111211
Distribution: unstable
Urgency: low
Maintainer: Michael Shuler <[email protected]>
Changed-By: Michael Shuler <[email protected]>
Description:
ca-certificates - Common CA certificates
Closes: 594383 646767 647849
Changes:
ca-certificates (20111211) unstable; urgency=low
.
* Clarify CA audit note in package description and README.debian. Thanks
to C.J. Adams-Collier for the patch. Closes: #594383
* Remove French Government IGC/A CA certificates. The RSA certificate is
included in the Mozilla bundle and the DSA certificate is not in use.
Closes: #646767
* Remove expired signet.pl CAs. Closes: #647849
* Remove expired brasil.gov.br CA.
* Edit 20111025 changelog/NEWS entries to correctly list installed CAs
* Use 'set -e' in body of debian/postinst
* Update mozilla/certdata.txt to version 1.80
(no added/removed CAs)
* Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
Checksums-Sha1:
68df1e97e9dc923e47bc6604b7dc0bf707f0d68b 1747 ca-certificates_20111211.dsc
7c13d7e1e6ea119ee6ab3b03e45ef7e48e5e9b63 277937 ca-certificates_20111211.tar.gz
25998fd32380ded0b658034e53eedebf514bb8c9 175372
ca-certificates_20111211_all.deb
Checksums-Sha256:
71b709cc33ac317e9a8d5f28051e122bd5aebbd28247fbc47f85e95f584ef05f 1747
ca-certificates_20111211.dsc
6f0633136d17ffef3ed0adfb171a00136a320f0fd79c9c75733ac02662a754a7 277937
ca-certificates_20111211.tar.gz
0ec173492418b32b07e400d4822ec9812e04207af7e6ea1f5064505ca9b80f3f 175372
ca-certificates_20111211_all.deb
Files:
8ee60f575635f25563d1712e2bc02eaa 1747 misc optional
ca-certificates_20111211.dsc
f99a90a91b23338b4df765c0d18eba73 277937 misc optional
ca-certificates_20111211.tar.gz
02a3105a228f1e053926ed3dc397d8cd 175372 misc optional
ca-certificates_20111211_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIVAwUBTuj6s4cvcCxNbiWoAQLnKA//dQv6eEwDpADMyz/EoizYsK4agifE3KiA
auIj/9gOsDcAYcCI8V85dV72j7URxG3uLzRT0x9g2pLyeiM6SCt8eOqphegUGD+Z
SVk+GdU6Qf/1OsAiyVm5eY8w+awvMXpiAdUDaz5HPmoDzOyagJCgamRXqe6Tdejy
VofPbPZWCb8yVph4onSOYCJ1jtllVlPOFiPYxewGEdqiW+sgw4jW7fdj+vKvkB1M
kMugyc0/GazJevIqIniQa9rj5ssfZ027CVFWu34Hhsm1GnRgqiiEVMGqtzrhD6Bw
FPj34+lrIyS5j+6mP5kOynd8D4r5OqYTvFeI4iE/p5uWCejBUYxxpNm3s4lryzCM
dyFXq56jPZJrnFeVxLisY0MUFbypzvmL1Fj1Gd9sppARmosvOQ6LWM3PrRiQrJLt
D4Fo/1ZYFHh8CSML1HqeTQ395LjIH+kRJMUheI99TA5GGJJNvqZjygo/qZuYslHE
V/qvAg06CdR7iPNUrpM404uCRAph7T61Bi/+y4nT3DkXhR6+obLmcnUdxFlrRSja
8C+rQeCh/CGwJdkpj8UOlsK+wMt8q8+vEMRe8qXGwSZjsyyuk8hk+OJ5xSBp3UdK
uAEb11IfDZUditDXuEzYxhq3gJqYu8E88uOXYfCQQ5nVUt4xbuw7+kswWwHtqb4D
xqqMVOPBwOg=
=xnOb
-----END PGP SIGNATURE-----
--- End Message ---
