On 25 Sep 2011, at 20:06, Philipp Kern <pk...@debian.org> wrote: > You can actually recompile them to ship with your own certs. But you > cannot quote non-existent configuration files not being in /etc as a > reason for a policy violation and hence upgrade it to serious, sorry. > > Kind regards > Philipp Kern
Ok, so there's probably not such a thing as a bug in an open source software, because you can just fix it and compile it yourself. I know that's it's a question of opinion and that it's probably never going to be fixed, but I strongly disagree with you: this is a big issue. It's not Debian's fault, I know that, but if you want Debian to be consistant, you can't have certificates bundles everywhere in the system, the recent Diginotar issue proves it again : you guys had to upload a shitload of packages just to remove one single CA, sometimes with several days of interval. I find it ridiculous, unsafe and messy. In my opinion it should be adressed and would definitely make Debian a better system. I acknowledge you are really making a good job with Debian, so I don't mean to be rude... Regards, François. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
