[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#962245: RFS: ca-certificates/20200601~deb9u1 [RC] -- Common CA certificates

On 6/5/20 4:15 AM, Adrian Bunk wrote:
Compared to 20200601 and 20200601~deb10u1 this contains the following
additional files:


The additional NEWS.Debian.gz is either correct or harmless,
the additional certificates are not.

This is due to the backport missing the "Remove email-only roots from
mozilla trust store" (#721976) change that is in 20200601.

Great catch, thanks, result of using currentver~debXuY as discussed with some people for better update recognition, while backporting as little as possible. I was diffing 20161130+nmu1+deb9u1 to ca-certificates-20200601~deb9u1, so this is also a good check the other direction.

I hadn't removed d/NEWS, which was dropped in later versions.

I also had not modified certdata2pem.py from the latest. I will take a look at the changes for #721976 and see if it seems ok, I think the email root removal backport is reasonable.

Please update the stretch-pu request with that fixed and let me know
when the corrected debdiff is approved.

Will do, thank you for the feedback.

Kind regards,

Reply to: