
Bug#962010: Bug#962008: RFS: ca-certificates/20200601 [RC] -- Common CA certificates

On Wed, Jun 03, 2020 at 08:40:02AM -0500, Michael Shuler wrote:
> Generally, expiry date has not been an issue remaining in the bundle until
> removal upstream, since the certification authorities have managed migration
> to new roots well and openssl>=1.1.1 handles this gracefully. This appears
> to have not been the case with AddTrust and older openssl<1.1.1 bug, as that
> fix was not backported, to the best of my understanding.

gnutls has the same problem (#961889).

But you do have a point that libraries are supposed to handle this 
situation gracefully.

> Re: security uploads:
> I have received no reply from the security team, as of this message, so
> awaiting their OK/advice. Copy of email sent to team@security, since there
> is no secret info in here:

Please wait for an ACK from the security team before making uploads
to -security or asking others to do so.

While maintainers are allowed to update their packages quite freely
in unstable (with some exceptions like library transitions or the
freeze before a release), uploads to *-security and stable distributions 
need an ACK first.

> Kind regards,
> Michael

