Your message dated Sat, 5 Dec 2015 23:09:10 -0600
with message-id <[email protected]>
and subject line Re: Bug#786892: ca-certificates: split out certificate-bundles
into separate packages
has caused the Debian Bug report #786892,
regarding ca-certificates: split out certificate-bundles into separate packages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
786892: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786892
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20141019
Severity: wishlist
Hi.
Since a while now, the ca-certificates package is - apart from the whole
infrastructure stuff - merely a container for the Mozilla CA bundle, as
basically all other CAs have been pushed out or never been accepted.
The Mozilla CA bundle by itself is not more trustworthy than any other
CA collection (actually, having the security expert hat on, I'd say it's
even far less trustworthy).
But since it shouldn't be Debian's task or choice to decide what's trust-
worthy and what's not, it would be nice if the actually CAs, could
be split out into separate packages, and ca-certificates would only
provide the infrastruture stuff (hooks, debconf, etc.).
If e.g. the Mozilla bundle would be split out to ca-mozilla or something
like that, users that have no interest in these certs could choose not
to install that package and save some space.
Also it wouldn't require users to run updates just because the Mozilla
CA bundle changes,... even if they use nothing of it but just want the
infrastructure parts to be used with e.g. the IGTF certs or other CA
packages in Debian.
Cheers,
Chris.
--- End Message ---
--- Begin Message ---
On 05/26/2015 08:44 AM, Christoph Anton Mitterer wrote:
> If e.g. the Mozilla bundle would be split out to ca-mozilla or something
> like that, users that have no interest in these certs could choose not
> to install that package and save some space.
With the pending removal of the SPI CA (#796208) the ca-certificates
package only contains the Mozilla CA bundle. Calling this done, since
there's nothing left to split out.
--
Kind regards,
Michael
--- End Message ---
