Bug#692911: unblock: ca-certificates/20121105
Hi,
Michael Shuler wrote (11 Nov 2012 20:59:10 GMT) :
> In parsing certdata.txt for the ca-certificates package, neither of
> these flags are used when the CA trust database is created, so both
> CKT_NSS_MUST_VERIFY_TRUST and CKT_NSS_TRUST_UNKNOWN flags are
> ignored. This is why I indicated these lines are innocuous -
Thanks a lot for the detailed explanation!
> Should I re-upload with a changelog entry of something like:
> diff --git a/debian/changelog b/debian/changelog
> index 861abed..3fe8329 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,6 +1,9 @@
> ca-certificates (20121105) unstable; urgency=low
> * Update mozilla/certdata.txt to version 1.86 Closes: #683728
> + Clean up of "no explicit trust" flag CKT_NSS_TRUST_UNKNOWN to
> + CKT_NSS_MUST_VERIFY_TRUST
> + - https://bugzilla.mozilla.org/show_bug.cgi?id=757189
I think it would be even better to replace "clean up" with some
version of "parsing certdata.txt for the ca-certificates package,
neither of these flags are used when the CA trust database is created,
so both CKT_NSS_MUST_VERIFY_TRUST and CKT_NSS_TRUST_UNKNOWN flags are
ignored": IMHO, "Clean up" still describes the change itself, rather
than the reason why it is reasonable, which is, I think, as important.
> Or should I patch out these changes from mozilla/certdata.txt and
> re-upload?
Personally, I think these changes should be fine, once it's properly
documented why they have no practical effect, but the final call is
not mine.
In any case, this is starting to look like a pre-approval request more
than a unblock one, since the actual package to unblock has not been
uploaded yet. So, I guess it might be dealt with slightly faster if
the bug against release.d.o was formally put into the right category.
Cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Reply to: