On 12/06/2013 08:11 PM, Michael Shuler wrote:
> On 12/06/2013 06:21 PM, Daniel Kahn Gillmor wrote:
>> can we ship CAs marked as "disabled" by default?
>
> I think this would prove to be a rather severe disservice to Debian
> users, making all SSL connections fail for all software that is or
> depends on one of the reverse dependencies of ca-certificates.

I didn't mean to imply that we would ship all CAs as disabled by default -- I agree that would probably be unhelpful. I just meant that the decision about "not including CAcert.org" doesn't need to be a binary decision -- instead of dropping it, we could ship the certificate, but have it disabled by default, while leaving the others alone.

--dkg