OK, I am now convinced that we don't need the md2 certs; applications should be able to validate using the sha1 certs. I believe a bug in libsoup/glib-networking is causing the sha1 certs to not be used.
We still should improve ca-certificates to make _sure_ that we're shipping the sha1 certs instead of the md2 certs, as it currently ships the sha1 certs by coincidence as they are listed later in Mozilla's file. If they ever change the order of their file, we'll be shipping the md2 ones by mistake.

https://bugs.launchpad.net/bugs/1031333
Title: Missing Verisign certs due to broken extract script
