Bug#962245: RFS: ca-certificates/20200601~deb9u1 [RC] -- Common CA certificates
On 6/5/20 4:15 AM, Adrian Bunk wrote:
Compared to 20200601 and 20200601~deb10u1 this contains the following
The additional NEWS.Debian.gz is either correct or harmless,
the additional certificates are not.
This is due to the backport missing the "Remove email-only roots from
mozilla trust store" (#721976) change that is in 20200601.
Great catch, thanks, result of using currentver~debXuY as discussed with
some people for better update recognition, while backporting as little
as possible. I was diffing 20161130+nmu1+deb9u1 to
ca-certificates-20200601~deb9u1, so this is also a good check the other
I hadn't removed d/NEWS, which was dropped in later versions.
I also had not modified certdata2pem.py from the latest. I will take a
look at the changes for #721976 and see if it seems ok, I think the
email root removal backport is reasonable.
Please update the stretch-pu request with that fixed and let me know
when the corrected debdiff is approved.
Will do, thank you for the feedback.