Your message dated Sat, 07 Sep 2013 09:18:21 +0000
with message-id <[email protected]>
and subject line Bug#647848: fixed in ca-certificates 20130906
has caused the Debian Bug report #647848,
regarding Debian CA Certificate Policy discussion
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
647848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647848
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Severity: important
Hi,
Just to make this public, I believe no new CA should be accepted as long as a
proper procedure isn't defined and guaranteed to remain in place (e.g. by
automating whatever process is defined.)
Reasoning being that with the exception of spi-inc.org, cacert.org, and
perhaps debconf.org, all the other CAs that have only been included in Debian
have certificates that (one or more may apply):
* have expired
* are about to expire and nobody has made any attempt to contact us
* their CRLs are no longer being updated
* there are no traces of the CAs online, not even revocation certs
Although we do have a disclaimer, it is irresponsible to allow such CAs in ca-
certificates.
The only exception should be new CAs added via Mozilla.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20130906
We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Shuler <[email protected]> (supplier of updated ca-certificates
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 06 Sep 2013 11:31:06 -0500
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20130906
Distribution: unstable
Urgency: low
Maintainer: Michael Shuler <[email protected]>
Changed-By: Michael Shuler <[email protected]>
Description:
ca-certificates - Common CA certificates
Closes: 647848 664769 718173
Changes:
ca-certificates (20130906) unstable; urgency=low
.
* Add ca-certificates-local source package example to documentation
* Update local certificate handling in README.Debian.
Closes: #718173, LP: #487845
* Update CA inclusion policy for ca-certificates in README.Debian. With
the exception of SPI and CAcert, only those CAs included in Mozilla's
trust store will be included in ca-certificates in Debian.
Closes: #647848, LP: #103074
* Clarify that not all software that uses SSL uses ca-certificates in
README.Debian. Closes: #664769
* Add mozilla/nssckbi.h to source, since certdata.txt no longer contains
a version number.
* Update debian/copyright to "Copyright: Mozilla Contributors" for
mozilla/{certdata.txt,nssckbi.h}.
* Update mozilla/certdata.txt to version 1.94
Certificates added (+) and removed (-):
+ "CA Disig Root R1"
+ "CA Disig Root R2"
+ "China Internet Network Information Center EV Certificates Root"
+ "D-TRUST Root Class 3 CA 2 2009"
+ "D-TRUST Root Class 3 CA 2 EV 2009"
+ "PSCProcert"
+ "Swisscom Root CA 2"
+ "Swisscom Root EV CA 2"
+ "TURKTRUST Certificate Services Provider Root 2007"
- "Equifax Secure eBusiness CA 2"
- "TC TrustCenter Universal CA III"
Checksums-Sha1:
004bd1f1e5503638f88ca38fa7f3ea4eae8c2483 1420 ca-certificates_20130906.dsc
7f197c1bf7c7fc82e9f8f2fec6d8cc65f6a6187b 319624 ca-certificates_20130906.tar.gz
b7cfd7a3802fcade4f6e138e1f08b7d114850be2 185064
ca-certificates_20130906_all.deb
Checksums-Sha256:
1b3a2a3ce1cfe8356eae6bf19f54afc56be0d9d14a729133bbfb000012e5ded1 1420
ca-certificates_20130906.dsc
dd10520091d469e95e11e5fafb7422d3be0a66071984d09009ed3e0232cb277d 319624
ca-certificates_20130906.tar.gz
b2326834479192de2298c607bc020715c949cbd4dc5dd6be28a1b3f348eb9b76 185064
ca-certificates_20130906_all.deb
Files:
093c08b1a6ce9195eadd0a5720759114 1420 misc optional
ca-certificates_20130906.dsc
67d42b6be21c616a8b7d3d85d95ae912 319624 misc optional
ca-certificates_20130906.tar.gz
aeedad004000d8002536c06c553023af 185064 misc optional
ca-certificates_20130906_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQEcBAEBAgAGBQJSKt0eAAoJEFb2GnlAHawEJ3sH/RtIE6gIQzudppUe2ZuF0HCp
KzwZMzU+dwgTgmokGZxHg9Z4QZLlU/iwzbzmZTH7tKE1BTT7kLuFDk4C0ozqv6zE
Ln7iO/MjXIvvd32qaVUVjQsQdtkzn5ho/Ng0II42B5NkvRYRdiGD5MrDXQTBl5zZ
eiEcNebEkG0ZCzm7l/0AauWi4EyIL+Sh8h74DPJueJJJnkoTjhsZhIxBJ7Lvs01H
EE29Ozx535kdDaL4qHhRrWoBMefNBcNbRKW5srAOqMAL8Xu3SPKkrWpA009Nmkj+
xsFsaHPPbPqkl8085glY8TGbFMNazKCyJ4liBVYVso4eE20tAKPqiJas1vHG4KA=
=gPFb
-----END PGP SIGNATURE-----
--- End Message ---
