severity 858539 serious thanks
We should not release stretch with these certificates; not only would it be embarrassing to do so given that they have ceased to work in modern browsers for some time, we are also simply putting our users at risk. Whilst there will be more CA screwups in the future, we should release with our reasonable best effort, which surely means "just" removing these. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-