[Thorsten Glaser 2019-12-24]
> While the package is patched to return the system location,
> it still ships /usr/lib/python3/dist-packages/certifi/cacert.pem
> which causes the .deb to be larger than it must.

[Sébastien Delafond 2019-12-24]
> Before tagging this wontfix, however, I'm of course open to hearing
> further arguments.

Is the existence of the certificate file the reason the reported
security problems for this package are flagged as unsolved?  In
<URL: https://security-tracker.debian.org/tracker/source-package/python-certifi >
both CVE-2024-39689, CVE-2023-37920 and CVE-2022-23491 are listed as
unsolved and for any systems with the package installed debsecan will
report the CVEs as affecting the system.

Perhaps a good solution is to drop the PEM file from the package and
flag the CVEs as solved?

-- 
Happy hacking
Petter Reinholdtsen
