[arch-dev-public] CAcert dropped from certificate bundle
b at bpiotrowski.pl
Sun Mar 16 06:06:07 EDT 2014
On 03/14/2014 06:14 PM, Pierre Schmitz wrote:
> Hi all,
> Debian has decided to drop the root certificate of CAcert.org they used
> to ship with their ca-certificates package. As our pacakge is based on
> Debian's the latest ca-certficates package in [testing] also lack the
> CAcert certificate.
> If we intent to keep it that way we should also remove the patch from
> our nss package:
> The Debian bug report can be found at
> I added the certs to our bundles in 2009. Unfortunately there is no
> visible progress regarding their inclusion in browsers from Mozilla,
> Google and Microsoft.
> Realistically I cannot vouch for any of the CAs we ship. That's one
> reason why we push that responsibility upstream to e.g. the Debian
> project or Mozilla.
> What do you think? Imho we should keep follow Debian here. Other
> solutions would be to patch it back in or ship a separate optional
> package; though that might be impossible for nss.
Seems that Debian can't vouch for its CAs either… However it's not hard
to obtain a legitimate free SSL certificate from StartSSL or GlobalSign,
so let's keep following Debian in that matter.
Users still can import CACert root certificate on their own.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 555 bytes
Desc: OpenPGP digital signature
More information about the arch-dev-public