Bug#962008: RFS: ca-certificates/20200601 [RC] -- Common CA certificates
Control: tags -1 moreinfo
On Mon, Jun 01, 2020 at 06:05:56PM -0500, Michael Shuler wrote:
>...
> To access further information about this package, please visit the
> following URL:
>
> https://mentors.debian.net/package/ca-certificates
>...
> Changes since the last upload:
>
> * debian/control:
>   Set Standards-Version: 4.5.0.2
>   Set Build-Depends: debhelper-compat (= 13)
> * debian/copyright:
>   Replace tabs in license text
> * mozilla/{certdata.txt,nssckbi.h}:
>   Update Mozilla certificate authority bundle to version 2.40.
>   Closes: #956411, #955038
> * mozilla/blacklist.txt
>   Add distrusted Symantec CA list to blacklist for explicit removal.
>   Closes: #911289
>   Blacklist expired root certificate, "AddTrust External Root"
>   Closes: #961907
> The following certificate authorities were added (+):
> + "Certigna Root CA"
> + "emSign ECC Root CA - C3"
> + "emSign ECC Root CA - G3"
> + "emSign Root CA - C1"
> + "emSign Root CA - G1"
> + "Entrust Root Certification Authority - G4"
> + "GTS Root R1"
> + "GTS Root R2"
> + "GTS Root R3"
> + "GTS Root R4"
> + "Hongkong Post Root CA 3"
> + "UCA Extended Validation Root"
> + "UCA Global G2 Root"
> The following certificate authorities were removed (-):
> - "AddTrust External Root"
> - "Certinomis - Root CA"
> - "Certplus Class 2 Primary CA"
> - "Deutsche Telekom Root CA 2"
> - "GeoTrust Global CA"
> - "GeoTrust Primary Certification Authority"
> - "GeoTrust Primary Certification Authority - G2"
> - "GeoTrust Primary Certification Authority - G3"
> - "GeoTrust Universal CA"
> - "thawte Primary Root CA"
> - "thawte Primary Root CA - G2"
> - "thawte Primary Root CA - G3"
> - "VeriSign Class 3 Public Primary Certification Authority - G4"
> - "VeriSign Class 3 Public Primary Certification Authority - G5"
> - "VeriSign Universal Root Certification Authority"
ca-certificates (20200601) unstable; urgency=medium
ca-certificates (20200601~deb10u1) buster-security; urgency=medium
ca-certificates (20200601~deb9u1) stretch-security; urgency=medium
Did you already agree with the security team (Cc'ed) that these should
also be published as DSA for stable and oldstable?
If yes, a security team member might be the best person to sponsor these
for unstable/buster-security/stretch-security.
If they shouldn't be treated as DSA, the uploads for stable and
oldstable have to be done differently.
> Regards,
> Michael Shuler
cu
Adrian
BTW: What is the next expiry date of any certificate in ca-certificates?