Bug#741561: closed by Michael Shuler (Re: CAcert Licensing and Inclusion in Debian main)

Hi, Klaus Ethgen wrote: > Michael Shuler wrote: > > A CAcert project member posted deb and source packaging to one of their > > mailing lists, shortly after removal from Debian. [...] I have > > checked periodically to see if the package showed up on the > > project's main download page, as anothe

Bug#741561: closed by Michael Shuler (Re: CAcert Licensing and Inclusion in Debian main)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Di den 7. Okt 2014 um 2:45 schrieb Debian Bug Tracking System: > Date: Mon, 06 Oct 2014 20:41:53 -0500 > From: Michael Shuler > To: 687693-d...@bugs.debian.org, 741561-d...@bugs.debian.org > Subject: Re: CAcert Licensing and Inclusion in Debian

Bug#741561: CAcert inclusion

2014 00:14 > Aan: 741...@bugs.debian.org > Onderwerp: Bug#741561: CAcert inclusion > > Hi, > > I think we should not include CAcert (by default) until they can follow the > rules mozilla (and others) require CAs to follow, and it's clear they do not > follow those rules. For exampl

Bug#741561: CAcert inclusion

I dont't agree with curt -Oorspronkelijk bericht- Van: Kurt Roeckx [mailto:k...@roeckx.be] Verzonden: woensdag 2 april 2014 00:14 Aan: 741...@bugs.debian.org Onderwerp: Bug#741561: CAcert inclusion Hi, I think we should not include CAcert (by default) until they can follow the

Bug#687693: Bug#741561: CAcert Licensing and Inclusion in Debian main

On Wed, April 2, 2014 05:01, Paul Tagliamonte wrote: > These certs were removed from Debian a month ago. Perhaps you'd be > interested in the recent thread on devel: > > https://lists.debian.org/debian-devel/2014/03/msg00375.html Thank you, but I think the maintainer knows very well that he remo

Bug#741561: CAcert inclusion

Hi, I think we should not include CAcert (by default) until they can follow the rules mozilla (and others) require CAs to follow, and it's clear they do not follow those rules. For example the certificate for www.cacert.org has several issues. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dis

Bug#741561: merge foobar

I unarchived and reopened #687693, then merged #741561-#687693. That didn't seem to do what I thought. Apologies if I goofed that up, as it seems #741561 no longer appears on the open bugs page for the package. I had thought they would both appear as open bugs. If someone has the proper merge f

Bug#741561: Proposal for resolution of this issue

On Tue, April 1, 2014 17:50, Bas van den Dikkenberg wrote: > Please specify in witch part of distrobution license it states its non > free, and what has to change in de license to make distrubtibol with > ca-certificates There is an explanation here of why it's non free: https://fedoraproject.org/

Bug#741561: Should we open a bug to define wether #741561 is critical or wishlist?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Di den 1. Apr 2014 um 16:02 schrieb Pierre-Elliott Bécue: > > > But, arguing on the bug severity (between important/critical) > > > > I accepted the downgrade to important. > > You didn't initially. Yes. But I get convinced that even importan

Bug#741561: Proposal for resolution of this issue

...@pbandjelly.org] Namens Michael Shuler Verzonden: dinsdag 1 april 2014 17:01 Aan: Thijs Kinkhorst; 741...@bugs.debian.org CC: Thomas Koch; Klaus Ethgen; Bas van den Dikkenberg Onderwerp: Re: Bug#741561: Proposal for resolution of this issue I took yesterday away from b.d.o after re-reading several of

Bug#741561: Proposal for resolution of this issue

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 First, thanks for this detail post. It really helps to go forward. (And you might know me now enough, that you could know that I mean the thruth with the "thanks".) Am Di den 1. Apr 2014 um 16:01 schrieb Michael Shuler: > I followed the thought tha

Bug#741561: Should we open a bug to define wether #741561 is critical or wishlist?

On mar. 01 avril 2014 à 07:57:15, Klaus Ethgen wrote: > Pierre-Elliott Bécue wrote: > >> The bug is security relevant, it breaks full systems and it renders > >> ca-certificate complete useless for most of the people. So it _is_ > >> critical! > > > >In my opinion, something is security relevant w

Bug#741561: Proposal for resolution of this issue

I took yesterday away from b.d.o after re-reading several of the last bug reports that concern CAcert. I had planned to take a few more days, focus on $WORK, and write something at length, but I'll post a few thoughts.. I followed the thought that the CAcert root distibution license should be igno

Bug#741561: Should we open a bug to define wether #741561 is critical or wishlist?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Di den 1. Apr 2014 um 9:06 schrieb Thijs Kinkhorst: > On Tue, April 1, 2014 08:57, Klaus Ethgen wrote: > > Hmmm, for some reason someone changed the certificte of bugs.debian.org > > to a unknown certificate issuer so "bts show" does not wo

Bug#741561: Proposal for resolution of this issue

Hi all, > Please provide an additional binary package, e.g. ca-certificates-cacert > that installs the cacert certificates without any further involvement of > the user. I think this is the way we should go forward that will satisfy the users of CAcert and also satisfy the desire to keep that cer

Bug#741561: Should we open a bug to define wether #741561 is critical or wishlist?

On Tue, April 1, 2014 08:57, Klaus Ethgen wrote: > Hmmm, for some reason someone changed the certificte of bugs.debian.org > to a unknown certificate issuer so "bts show" does not work anymore. Who > the hell is GANDI CA? You're kidding right, maybe because of the date? The Gandi CA is signed by t

Bug#741561: Should we open a bug to define wether #741561 is critical or wishlist?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hmmm, for some reason someone changed the certificte of bugs.debian.org to a unknown certificate issuer so "bts show" does not work anymore. Who the hell is GANDI CA? However, Pierre-Elliott Bécue wrote: >> The bug is security relevant, it breaks f

Bug#741561: Should we open a bug to define wether #741561 is critical or wishlist?

Good evening, Somebody is wrong on the Internet! (irony inside) Le lundi 31 mars 2014 à 08:16:59 (+0100), Klaus Ethgen a écrit: > The bug is security relevant, it breaks full systems and it renders > ca-certificate complete useless for most of the people. So it _is_ critical! In my opinion, so

Bug#741561: please provide an extra binary package with CaCert certificates

I agree fully, -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#741561: please provide an extra binary package with CaCert certificates

Package: ca-certificates Version: 20130119 Followup-For: Bug #741561 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I don't wont to argue whether it's the correct decision to drop Cacert. But please make it easier for users who want to continue using Cacert to doing so. Asking ev

Bug#741561: Processed: severity of 741561 is critical

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Mo den 31. Mär 2014 um 8:54 schrieb Thijs Kinkhorst: > >> severity 741561 critical > > Bug #741561 {Done: Michael Shuler } > > [ca-certificates] Please Include CAcert Root Certificates > > Severity set to 'cr

Bug#741561: Processed: severity of 741561 is critical

Klaus, On Mon, March 31, 2014 09:03, Debian Bug Tracking System wrote: > Processing commands for cont...@bugs.debian.org: > >> severity 741561 critical > Bug #741561 {Done: Michael Shuler } > [ca-certificates] Please Include CAcert Root Certificates > Severity set to 

Bug#741561: Processed: severity of 741561 is critical

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Ah yes, and it is also even worse to misuse the position of power as a debian maintainer to silence a user that criticize a wrong decision of them. Please stop misusing your power! Regards Klaus - -- Klaus Ethgen ht

Bug#741561: Processed: severity of 741561 is critical

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Mo den 31. Mär 2014 um 8:05 schrieb Raphael Geissert: > >> severity 741561 critical > > Bug #741561 {Done: Michael Shuler } > > [ca-certificates] Please Include CAcert Root Certificates > > Severity set t

Bug#741561: Include CAcert Root Certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am So den 30. Mär 2014 um 22:35 schrieb Michael Shuler: > Respectfully, at the end of the day, this bug report is a wishlist > request to include the CAcert root certificates in the > ca-certificates package. The CAcert root certificates were removed

Bug#741561:

Can't we make sub packages that includes the cacert root certs like they do in opensuse Than the administrator/user has the choice if he wants ca-certificates of CA-cert or NOT . With kind regards, Bas van den Dikkenberg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.or

Bug#741561: No longer ship cacert certificates (and valicert)

On Friday 14 March 2014 13:51:18 Michael Shuler wrote: > Thanks for including your thoughts. > > On 03/14/2014 01:25 PM, Wolfgang Walter wrote: > > And why valicert's certificates have been removed though they are still in > > iceweasel? > > Valicert as well as several other 1024-bit CA certifica

Bug#741561: No longer ship cacert certificates (and valicert)

Thanks for including your thoughts. On 03/14/2014 01:25 PM, Wolfgang Walter wrote: And why valicert's certificates have been removed though they are still in iceweasel? Valicert as well as several other 1024-bit CA certificates were removed from Mozilla. https://bugzilla.mozilla.org/show_bu

Bug#741561: No longer ship cacert certificates (and valicert)

The sudden removal of cacerts.org is questionable. E.g. jabber.ccc.org is suddenly untrusted. Kopete detects that but gives you only 2 possibilities: cancel connection or continue (and that without showing the fingerprint or any more details). Of course this is also a problem of kopete. But it

Bug#741561: No longer ship cacert certificates

On 03/14/2014 04:40 AM, Klaus Ethgen wrote: Am Fr den 14. Mär 2014 um 0:41 schrieb Michael Shuler: On 03/13/2014 05:18 PM, Klaus Ethgen wrote: The severity is critical as it breaks several unrelated packages Please, be specific about the stated several packages. - - mutt: Asking to prove a

Bug#741561: No longer ship cacert certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Fr den 14. Mär 2014 um 0:41 schrieb Michael Shuler: > On 03/13/2014 05:18 PM, Klaus Ethgen wrote: > >The severity is critical as it breaks several unrelated packages > > Please, be specific about the stated several packages. - - mutt: Asking to

Bug#741561: No longer ship cacert certificates

On 03/13/2014 05:18 PM, Klaus Ethgen wrote: The severity is critical as it breaks several unrelated packages Please, be specific about the stated several packages. -- Kind regards, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe".

Bug#741561: No longer ship cacert certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Do den 13. Mär 2014 um 23:11 schrieb Raphael Geissert: > Control: severity -1 important The severity is critical as it breaks several unrelated packages and breaks security. > > More over, it opens security holes to such systems as it is not pos

Bug#741561: No longer ship cacert certificates

Control: severity -1 important Control: tag -1 moreinfo Hi, On Thursday 13 March 2014 22:16:29 Klaus Ethgen wrote: [...] > More over, it opens security holes to such systems as it is not possible > anymore to be sure that a certificate is valid. Any tool that doesn't ask for confirmation or that

Bug#741561: No longer ship cacert certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: ca-certificates Version: 20140223 Severity: critical With the new ca-certificates package, cacert certificate gets removed. That left several tools that depends on this certificate broken as they cannot anymore connect to services that use