On 4/24/19 5:22 PM, Soppy bear wrote:
1. This is a Debian problem because the end user should be able to
use TLS without having to import/use certificates without any
practical use for normal operations.
Users *can* configure the ca-certificate package and set CA trust for
each and every CA, as well as configure new-CA trust however they wish.
Users can preseed debconf at installation time to trust no CAs, if they
so desire. I'm not going to get into the details of preseeding
installations, but runtime configuration is done with:
dpkg-reconfigure ca-certificates
Please, describe the problem better, if there is a concrete bug. The
description here and previously make little sense to me, other than a
personal preference and misunderstanding of how to configure CA trust.
If there is a CA in the current Mozilla bundle that is problematic for
you and the Internet, please contact Mozilla with this information, if
there is evidence of evil doings, Mozilla is the correct project to
inform. If you don't trust a particular CA that is in the current
Mozilla bundle, disable it. You can automate this, if you maintain a
large number of systems.
2. I have removed Firefox from my systems permanently because of this
reason and upgraded my research laptop to debian unstable for this
specific reason.
OK. What does this have to do with the ca-certificates package?
--
Kind regards,
Michael
