--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bookworm-pu: package igtf-policy-bundle/1.133
- From: Dennis van Dok <dennisvd@nikhef.nl>
- Date: Wed, 05 Mar 2025 14:57:38 +0100
- Message-id: <174118305865.318303.9234731276895621658.reportbug@bobo.nikhef.nl>
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: igtf-policy-bundle@packages.debian.org
Control: affects -1 + src:igtf-policy-bundle
[ Reason ]
The GEANT TCS Generation 4 contract ended quite suddenly
with little warning from the vendor. The new Generation 5
was put together quite quickly, but the necessary CAs
and intermediate CAs from HARICA were only accredited with
version 1.133 of this bundle.
For a smooth transition for users, I propose to update
the package in stable (bookworm).
[ Impact ]
Without this update, sites are unable to verify the identity of users
with certificates issued under the new contract, and vice versa users
are unable to assert the identity of servers with such certificates.
[ Tests ]
Since the package includes no code per se, testing consists of
installing on systems with (test or pre-production) services
and checking TLS interactions.
[ Risks ]
The risk is low, as the bundle is issued under the oversight
of the Interoperable Global Trust Federation (igtf.net) who
issue regular reviews to maintain the accredited status
of the associated CAs. The updates of the bundle are usually
of a nature that would not require immediate updates.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in (old)stable
[*] the issue is verified as fixed in unstable
[ Changes ]
Changes to the bundle are documented in the upstream CHANGES
file.
--- End Message ---