
Bug#962008: RFS: ca-certificates/20200601 [RC] -- Common CA certificates



Control: tags -1 moreinfo

On Mon, Jun 01, 2020 at 06:05:56PM -0500, Michael Shuler wrote:
>...
> To access further information about this package, please visit the 
> following URL:
> 
>   https://mentors.debian.net/package/ca-certificates
>...
> Changes since the last upload:
> 
>   * debian/control:
>     Set Standards-Version: 4.5.0.2
>     Set Build-Depends: debhelper-compat (= 13)
>   * debian/copyright:
>     Replace tabs in license text
>   * mozilla/{certdata.txt,nssckbi.h}:
>     Update Mozilla certificate authority bundle to version 2.40.
>     Closes: #956411, #955038
>   * mozilla/blacklist.txt
>     Add distrusted Symantec CA list to blacklist for explicit removal.
>     Closes: #911289
>     Blacklist expired root certificate, "AddTrust External Root"
>     Closes: #961907
>     The following certificate authorities were added (+):
>     + "Certigna Root CA"
>     + "emSign ECC Root CA - C3"
>     + "emSign ECC Root CA - G3"
>     + "emSign Root CA - C1"
>     + "emSign Root CA - G1"
>     + "Entrust Root Certification Authority - G4"
>     + "GTS Root R1"
>     + "GTS Root R2"
>     + "GTS Root R3"
>     + "GTS Root R4"
>     + "Hongkong Post Root CA 3"
>     + "UCA Extended Validation Root"
>     + "UCA Global G2 Root"
>     The following certificate authorities were removed (-):
>     - "AddTrust External Root"
>     - "Certinomis - Root CA"
>     - "Certplus Class 2 Primary CA"
>     - "Deutsche Telekom Root CA 2"
>     - "GeoTrust Global CA"
>     - "GeoTrust Primary Certification Authority"
>     - "GeoTrust Primary Certification Authority - G2"
>     - "GeoTrust Primary Certification Authority - G3"
>     - "GeoTrust Universal CA"
>     - "thawte Primary Root CA"
>     - "thawte Primary Root CA - G2"
>     - "thawte Primary Root CA - G3"
>     - "VeriSign Class 3 Public Primary Certification Authority - G4"
>     - "VeriSign Class 3 Public Primary Certification Authority - G5"
>     - "VeriSign Universal Root Certification Authority"

ca-certificates (20200601) unstable; urgency=medium
ca-certificates (20200601~deb10u1) buster-security; urgency=medium
ca-certificates (20200601~deb9u1) stretch-security; urgency=medium

Did you already agree with the security team (Cc'ed) that these should 
also be published as DSA for stable and oldstable?

If yes, a security team member might be the best person to sponsor these
for unstable/buster-security/stretch-security.

If they shouldn't be treated as DSA, the uploads for stable and 
oldstable have to be done differently.

> Regards,
> Michael Shuler

cu
Adrian

BTW: What is the next expiry date of any certificate in ca-certificates?

