Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?

To: Brian May <bam@debian.org>, Raphael Hertzog <hertzog@debian.org>
Cc: Michael Shuler <michael@pbandjelly.org>, Antoine Beaupré <anarcat@orangeseeds.org>, Paul Wise <pabs@debian.org>, 858539@bugs.debian.org, ca-certificates@packages.debian.org, debian-lts@lists.debian.org, 867461@bugs.debian.org
Subject: Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 15 Jan 2018 10:20:52 +0100
Message-id: <[🔎] 25080267-3c60-6bf2-5788-09e81323caf8@debian.org>
In-reply-to: <[🔎] 87wp0kqh8x.fsf@prune.linuxpenguins.xyz>
References: <87y3s1phqk.fsf@curie.anarc.at> <CAKTje6H1y4B=WNMDY+SPMoNw1TzRGUH-teMNTVNVwNjks05rKg@mail.gmail.com> <d0b9674a-ac5b-5cc9-1982-fb6f36155c5a@pbandjelly.org> <87efpuc95w.fsf@curie.anarc.at> <20171221104720.GA8632@home.ouaza.com> <[🔎] 87incbsdol.fsf@prune.linuxpenguins.xyz> <[🔎] 20180112092441.GA18212@home.ouaza.com> <[🔎] 87wp0kqh8x.fsf@prune.linuxpenguins.xyz>

On 14/01/18 22:10, Brian May wrote:
> Raphael Hertzog <hertzog@debian.org> writes:
> 
>> Yes, please. I saw reports of failures on IRC due to missing CA
>> certificates.
> 
> Done that now.
> 
> Does this deserve a DLA?

It certainly does. But don't make it a 'security update', but just 'update'. See
e.g. my tzdata advisories.

> If so, I have no idea what to include. Maybe
> something like:
> 
> --- cut ---
> This release does a complete update of the CA list. This includes
> removing the StartCom and WoSign certificates to as they are now
> untrusted by the major browser vendors.
> --- cut ---
> 
> Or do I need more details? e.g. the list of certificates added/removed
> from debian/changelog?

That snippet sounds good to me.

Cheers,
Emilio

Reply to:

References:
- Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?
  - From: Brian May <bam@debian.org>
- Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?
  - From: Brian May <bam@debian.org>

Prev by Date: Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?
Next by Date: Fixing CVE-2017-3144 in isc-dhcp in Wheezy?
Previous by thread: Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?
Next by thread: Bug#886734: libgdk-pixbuf2.0-0: undefined symbol after upgrade (wheezy-security): gdk_pixbuf_calculate_rowstride
Index(es):
- Date
- Thread