ca-certificates_20090814~bpo50+1_i386.changes is NEW
(new) ca-certificates_20090814~bpo50+1.dsc optional misc
(new) ca-certificates_20090814~bpo50+1.tar.gz optional misc
(new) ca-certificates_20090814~bpo50+1_all.deb optional misc
Common CA certificates
This package includes PEM files of CA certificates to allow SSL-based
applications to check for the authenticity of SSL connections.
.
It includes, among others, certificate authorities used by the Debian
infrastructure and those shipped with Mozilla's browsers.
.
Please note that certificate authorities whose certificates are
included in this package are not in any way audited for
trustworthiness and RFC 3647 compliance, and that full responsibility
to assess them belongs to the local system administrator.
Changes: ca-certificates (20090814~bpo50+1) lenny-backports; urgency=low
.
* Rebuild for lenny-backports, no changes needed.
.
ca-certificates (20090814) unstable; urgency=low
.
* Call Debconf and its db_purge as early as possible in postrm.
(Closes: #541275)
.
ca-certificates (20090709) unstable; urgency=low
.
* Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
.
ca-certificates (20090708) unstable; urgency=low
.
* Removed CA files:
- cacert.org/root.crt and cacert.org/class3.crt:
Both certificate files were deprecated with 20080809. Users of these
root certificates are encouraged to switch to
`cacert.org/cacert.org.crt' which contains both class 1 and class 3
roots joined in a single file.
- quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
This certificate has been added into the Mozilla truststore and
is available as `mozilla/QuoVadis_Root_CA.crt'.
* Do not redirect c_rehash error messages to /dev/null.
(Closes: #495224)
* Remove dangling symlinks on purge, which also gets rid of the hash
symlink for ca-certificates.crt. (Closes: #475240)
* Use subshells when grepping for certificates in config, avoiding
SIGPIPE because of grep's immediate exit after it finds the pattern.
(Closes: #486737)
* Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
Robby Workman of Slackware.
* Updated Standards-Version and FSF portal address in the copyright file.
.
ca-certificates (20090701) unstable; urgency=low
.
* Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
Rationale: The rogue collision CA has its validity period in the past.
Thus it does not impose a risk upon us at the moment.
* Restrict search for local certificates to add on files ending with '.crt'.
* Canonicalize PEM names by applying the same set of substitions to
local and other certificates like the Mozilla certdata dumper does.
.
ca-certificates (20090624) unstable; urgency=low
.
* Allow local certificate installation. All certificates found
in `/usr/local/share/ca-certificates' will be automatically added
to the list of trusted certificates in `/etc/ssl/certs'.
(Closes: #352637, #419491, #473677, #476663, #511150)
* Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
1.51):
+ COMODO ECC Certification Authority
+ DigiNotar Root CA
+ Network Solutions Certificate Authority
+ WellsSecure Public Root Certificate Authority
- Equifax Secure Global eBusiness CA
- UTN USERFirst Object Root CA
* Reimplemented the Mozilla certdata parser mainly to exclude explicitly
untrusted certificates. This led to the exclusion of the
"MD5 Collisions Forged Rogue CA 23c3" and its parent
"Equifax Secure Global eBusiness CA". Furthermore code signing-only
certificates are no longer included neither.
* Remove the purging of old PEM files in postinst dating back to
versions earlier than 20030414.
* Hooks are now called at every invocation of `update-ca-certificates'.
If no changes were done to `/etc/ssl/certs', the input for the
hooks will be empty, though. Failure exit codes of hooks will not
tear down the upgrade process anymore. They are printed but ignored.
.
ca-certificates (20081127) unstable; urgency=low
.
* Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
#454334)
Override entries for your package:
Announcing to backports-changes@lists.backports.org
Your package contains new components which requires manual editing of
the override file. It is ok otherwise, so please be patient. New
packages are usually added to the override file about once a week.
You may have gotten the distribution wrong. You'll get warnings above
if files already exist in other distributions.
Reply to: