Hi, I couldn't find an appropriate thread on the dev or security list.
Just wanted to remind security conscious debian devs that there's still a open bug for the removal of the SPI-INC CA, which is currently trusted by default on Debian installations due to the `ca-certificates` package (tracked as #796208). I'm for urgent removal and have commented on that just now in the bug tracker. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796208 Thanks, Aaron
signature.asc
Description: Digital signature
