
Re: Bug#858539: should ca-certificates certdata.txt synchronize across all suites?

On 14/01/18 22:10, Brian May wrote:
> Raphael Hertzog <hertzog@debian.org> writes:
>> Yes, please. I saw reports of failures on IRC due to missing CA
>> certificates.
> Done that now.
> Does this deserve a DLA?

It certainly does. But don't make it a 'security update', but just 'update'. See
e.g. my tzdata advisories.

> If so, I have no idea what to include. Maybe
> something like:
> --- cut ---
> This release does a complete update of the CA list. This includes
> removing the StartCom and WoSign certificates as they are now
> untrusted by the major browser vendors.
> --- cut ---
> Or do I need more details? e.g. the list of certificates added/removed
> from debian/changelog?

That snippet sounds good to me.

