Sorry guys, I just have to comment. I am asking again, why should CAcert be removed? The reason why it should be removed is just because of unproven concerns about CAcert's code quality and the audit which appears to be stalled? I guess that those responsible at Ubuntu should contact CAcert to get an invitation to their internal audit process first before doing so. And generally I have to add again: if this is the only reason, then the other CA certificates which also use dubious methods for providing certificates or have weak identification checks for customers should also be removed.
--
You received this bug notification because you are a member of OpenJDK, which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1258286

Title:
  CAcert should not be trusted by default

Status in “ca-certificates” package in Ubuntu:
  Fix Released
Status in “ca-certificates-java” package in Ubuntu:
  Fix Released
Status in “nss” package in Ubuntu:
  Fix Released
Status in “ca-certificates” source package in Lucid:
  Fix Released
Status in “ca-certificates-java” source package in Lucid:
  New
Status in “nss” source package in Lucid:
  New
Status in “ca-certificates” source package in Precise:
  Fix Released
Status in “ca-certificates-java” source package in Precise:
  New
Status in “nss” source package in Precise:
  New
Status in “ca-certificates” source package in Quantal:
  Fix Released
Status in “ca-certificates-java” source package in Quantal:
  New
Status in “nss” source package in Quantal:
  New
Status in “ca-certificates” source package in Saucy:
  Fix Released
Status in “ca-certificates-java” source package in Saucy:
  New
Status in “nss” source package in Saucy:
  New
Status in “ca-certificates” source package in Trusty:
  Fix Released
Status in “ca-certificates-java” source package in Trusty:
  Fix Released
Status in “nss” source package in Trusty:
  Fix Released
Status in “ca-certificates” package in Debian:
  Fix Released
Status in “ca-certificates-java” package in Debian:
  Fix Released

Bug description:
  Ubuntu is one of the few distributions shipping CAcert as a trusted certificate. Many distributions are considering[1] whether to remove CAcert, and Mozilla closed the RFE[2] for CAcert in 2008, which was opened in 2003. Concerns were expressed about CAcert's code quality[3], and their audit appears to be stalled. In the past, it appears that Ubuntu disabled[4] CAcert, but this is no longer the case. It may be wise to do so again.
  [1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#50
  [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=215243
  [3]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#45
  [4]: http://wiki.cacert.org/InclusionStatus?highlight=Ubuntu

