Hello, Will Ubuntu hirsute be affected by this bug? For context, Network Security Services (NSS) 3.63 and newer distrusts Symantec which will cause failures when installing NuGet packages. As per this question, Ubuntu contains NSS 3.63 in hirsute-proposed: https://answers.launchpad.net/ubuntu/+source/ca- certificates/+question/696339
For more information, please see: https://github.com/NuGet/Announcements/issues/56 Best, Loic ** Bug watch added: github.com/NuGet/Announcements/issues #56 https://github.com/NuGet/Announcements/issues/56 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1913951 Title: ca-certificates: Symantec CA blacklisted for non-TLS uses Status in ca-certificates package in Ubuntu: Fix Released Status in ca-certificates source package in Groovy: Fix Released Status in ca-certificates source package in Hirsute: Fix Released Status in ca-certificates package in Debian: Fix Released Bug description: ~$ lsb_release -rd Description: Ubuntu 20.10 Release: 20.10 ~$ apt list --installed | grep ca-certificates WARNING: apt does not have a stable CLI interface. Use with caution in scripts. ca-certificates/groovy-updates,groovy-security,now 20201027ubuntu0.20.10.1 all [installed,automatic] Repro steps: 1. Open Terminal. 2. Execute: wget https://dot.net/v1/dotnet-install.sh chmod +x ./dotnet-install.sh ./dotnet-install.sh -c 5.0 export DOTNET_ROOT=$HOME/.dotnet export PATH=$PATH:$HOME/.dotnet dotnet new console dotnet add package System.Collections.Immutable Expected result: Package restore will succeed. Actual result: Package restore fails with: error: NU3028: Package 'System.Collections.Immutable 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain There has been a planned process to distrust Symantec certificates in the certificate store over the past two years. The Debian ca-certificates package removed this CA for both TLS (expected) and other uses (like timestamping) (unexpected). Trust was added back in a subsequent update. See https://release.debian.org/proposed-updates/stable.html#ca-certificates_20200601~deb10u2 for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1913951/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
