On Monday 29 August 2011 16:03:57 Josh Triplett wrote: > Whatever resolution Mozilla and others end up with (revocation of the > certificate or of the entire CA), ca-certificates will likely need to > do the same. FWIW, individual certificates can't be "revoked" in ca-certificates. Shipping revocation lists is useless too. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net