Am 27.09.2011 23:30, schrieb Jan de Groot:
I dropped a new curl in testing a few days ago with only one real change. It now builds and uses its own cacert bundle which is dropped in /etc/ssl/certs/ca-bundle.crt. This is similar to the ca-certificates bundle, but taken directly from Mozilla and processed with an in tree perl script.
With this, the ca-certificates dep is of course removed. I don't expect any regressions, but please dig up your curl/https powered apps and make sure they still work.
What's the purpose of this? The whole reasoning behind ca-certificates is to have a central certificate store. Remember that the ca-certificates package as maintained by debian originates from NSS, so basically these contain the same certificates.
IMHO this is a big -1 from my side.
Agreed, without further explanation this seems like complete nonsense.