Perhaps I should add how I imagine the tree of the package: Right now we have: /usr/share/ca-certificates |-- brasil.gov.br |-- cacert.org |-- debconf.org |-- gouv.fr |-- mozilla | | | `-- many different PCA's below here |-- quovadis.bm |-- signet.pl |-- spi-inc.org `-- telesec.de
I'd suggest e.g. this: In a package ca-certificates-base: /usr/share/ca-certificates/base/ |-- debconf.org `-- spi-inc.org In a package ca-certificates-important: /usr/share/ca-certificates/important/ |-- cacert.org |-- Verisign |-- Thawte |-- Starcom |-- Mozilla | `-- but here only root-certs directly from Mozilla itself | (e.g. if they'd operate their own CA `-- telesec.de In a package ca-certificates-governments: /usr/share/ca-certificates/governments/ |-- Germany (root-certs from the Bundesnetzagentur) |-- Brazil `-- Poland In a package ca-certificates-grid: /usr/share/ca-certificates/grid/ |-- IGTF | |-- EUGridPMA | | |-- GRID-FR | | |-- UK Certification Authority | | |-- GridKa-CA | | `-- DFN Grid | |-- APGridPMA | `-- TAGPMA `-- others, not distributed by IGTF Here this is somewhat similar to the current way, e.g. where ./mozilla/ holds many different CAs. Although I said, that IMHO this should not go together, I think a case like the above Grid-stuff is an exception. While all these CA's are in principle independent, it's nice to group them according to their membership or origin. I think its the same as if we'd do: /usr/share/ca-certificates/governments/ |-- Europe | |-- Germany | |-- Poland | `-- UK |-- North-America |-- South-America | `-- Brazil `-- Asia Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
