On di, 2011-09-27 at 08:37 -0400, Dave Reisner wrote:
Hi all,
I dropped a new curl in testing a few days ago with only one real change. It now builds and uses its own cacert bundle which is dropped in /etc/ssl/certs/ca-bundle.crt. This is similar to the ca-certificates bundle, but taken directly from Mozilla and processed with an in tree perl script.
With this, the ca-certificates dep is of course removed. I don't expect any regressions, but please dig up your curl/https powered apps and make sure they still work.
What's the purpose of this? The whole reasoning behind ca-certificates is to have a central certificate store. Remember that the ca-certificates package as maintained by debian originates from NSS, so basically these contain the same certificates. IMHO this is a big -1 from my side.