>> > This "breaks unrelated software" only if you have configured that >> > software >> > to look at the contents of this package. Do you intend to also claim >> > ca-certificates "breaks unrelated software" every time it drops a CA >> > certificate because they determine the certificate authority isn't >> > trustworthy? > >> This is not the case here ! There is only a renaming. > > You didn't answer my question.
The implied answer was "no". >> The fix is easy and this bug should stay critical to not slip out of Etch. >> If a function was renamed in libc, would you say that it breaks unrelated >> software only if you have configured that software to use this function ? > > No, because it wouldn't break any unrelated software; it would only break > *related* software. That would be treated as a serious bug -- the same as > a bug where libc dropped a function. OK, I get the point. > And it would be treated such because library functions are something we > guarantee. Interfaces to particular CA certificates, however, are not > something we as a project guarantee. I understand that it's an > inconvenient > upgrade problem for users who link to this certificate, but that doesn't > make it 'critical'. Well, I hope that the fix will go into Etch since it will permit smooth upgrade from people using ca-certificates from bpo and relying on CAcert certificate.
