Why is the ca-certificates package not in the list of security relevant packages?
Among other advantages (adding new Root CAs) this would allow one to "revoke" broken Root CA certificates - something I'd actually and honestly _expect_ from any sane distribution!

The outdated ca-certificates make squeeze installations a pain to maintain. For example: We just updated the GoDaddy certificate of our open source platform, Clazzes.org, where we provide lots of SSL-secured VirtualHosts (https://www.clazzes.org, https://deb.clazzes.org, GPG keys, ...). Unfortunately we are now cutting off quite some scripts and Wiki'd snippets because neither wget nor curl accept the sites' certificates.

Before anyone yells: I am not only here to complain. Part of our business is to maintain custom software for squeeze-based systems that exist more or less offline and will not be updated to wheezy or higher for years to come. We are therefore forced to maintain build and test systems and pbuilder tarballs for squeeze amd64 and i386 - and to keep their installation reproducible from scratch by maintaining a partial squeeze mirror. Backporting one more package and maintaining it for some time should be no problem, especially if the package merely contains data files.

I will look into the corresponding squeeze and wheezy source packages as soon as I can find time. Perhaps this is not necessary: Why does wheezy's ca-certificates package depend on a recent version of the openssl binary package? If it weren't for this dependency, wheezy's ca-certificates package could probably be used for squeeze without any changes. Or am I in for a shock once I look into the source package(s)?

Regards,
Christoph Lechleitner