[arch-dev-public] CAcert dropped from certificate bundle
Pierre Schmitz
pierre at archlinux.de
Fri Mar 14 13:14:12 EDT 2014
Hi all,
Debian has decided to drop the root certificate of CAcert.org they used
to ship with their ca-certificates package. As our pacakge is based on
Debian's the latest ca-certficates package in [testing] also lack the
CAcert certificate.
If we intent to keep it that way we should also remove the patch from
our nss package:
https://projects.archlinux.de/svntogit/packages.git/tree/trunk/add_spi+cacert_ca_certs.patch?h=packages/nss
The Debian bug report can be found at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434
I added the certs to our bundles in 2009. Unfortunately there is no
visible progress regarding their inclusion in browsers from Mozilla,
Google and Microsoft.
Realistically I cannot vouch for any of the CAs we ship. That's one
reason why we push that responsibility upstream to e.g. the Debian
project or Mozilla.
What do you think? Imho we should keep follow Debian here. Other
solutions would be to patch it back in or ship a separate optional
package; though that might be impossible for nss.
Greetings,
Pierre
--
Pierre Schmitz, https://pierre-schmitz.com
More information about the arch-dev-public
mailing list