Control: tags -1 moreinfo On Mon, Jun 01, 2020 at 06:05:56PM -0500, Michael Shuler wrote: >... > To access further information about this package, please visit the > following URL: > > https://mentors.debian.net/package/ca-certificates >... > Changes since the last upload: > > * debian/control: > Set Standards-Version: 4.5.0.2 > Set Build-Depends: debhelper-compat (= 13) > * debian/copyright: > Replace tabs in license text > * mozilla/{certdata.txt,nssckbi.h}: > Update Mozilla certificate authority bundle to version 2.40. > Closes: #956411, #955038 > * mozilla/blacklist.txt > Add distrusted Symantec CA list to blacklist for explicit removal. > Closes: #911289 > Blacklist expired root certificate, "AddTrust External Root" > Closes: #961907 > The following certificate authorities were added (+): > + "Certigna Root CA" > + "emSign ECC Root CA - C3" > + "emSign ECC Root CA - G3" > + "emSign Root CA - C1" > + "emSign Root CA - G1" > + "Entrust Root Certification Authority - G4" > + "GTS Root R1" > + "GTS Root R2" > + "GTS Root R3" > + "GTS Root R4" > + "Hongkong Post Root CA 3" > + "UCA Extended Validation Root" > + "UCA Global G2 Root" > The following certificate authorities were removed (-): > - "AddTrust External Root" > - "Certinomis - Root CA" > - "Certplus Class 2 Primary CA" > - "Deutsche Telekom Root CA 2" > - "GeoTrust Global CA" > - "GeoTrust Primary Certification Authority" > - "GeoTrust Primary Certification Authority - G2" > - "GeoTrust Primary Certification Authority - G3" > - "GeoTrust Universal CA" > - "thawte Primary Root CA" > - "thawte Primary Root CA - G2" > - "thawte Primary Root CA - G3" > - "VeriSign Class 3 Public Primary Certification Authority - G4" > - "VeriSign Class 3 Public Primary Certification Authority - G5" > - "VeriSign Universal Root Certification Authority"
ca-certificates (20200601) unstable; urgency=medium ca-certificates (20200601~deb10u1) buster-security; urgency=medium ca-certificates (20200601~deb9u1) stretch-security; urgency=medium Did you already agree with the security team (Cc'ed) that these should also be published as DSA for stable and oldstable? If yes, a security team member might be the best person to sponsor these for unstable/buster-security/stretch-security. If they shouldn't be treated as DSA, the uploads for stable and oldstable have to be done differently. > Regards, > Michael Shuler cu Adrian BTW: What is the next expiry date of any certificate in ca-certificates?
