Hi, I'm not sure why this is blowing up again this week when things have been in a bit of a limbo state since June last year, but in any case I've just pushed a change to buster to try and revert the blacklisting of legacy Symantec CAs. That should hopefully make it to the archive in the next few days.
Cheers, Julien On Wed, Jan 27, 2021 at 06:22:00PM +0000, Svetlana Kofman wrote: > Hi Julien, > > We are reaching out to you since you worked on issue #962596. > > Some background: > > NuGet packages that are being restored on Debian Buster are failing package > validation. This is caused by an expired cert which causes us to check the > time > signature. The time signature is deemed invalid due to this recent Debian > change. > > > > Broken by: Caused by Debian change #911289 - ca-certificates should remove > Symantec certs - Debian Bug report logs > > Later fixed by Debian: #962596 - ca-certificates: Removal of GeoTrust Global > CA > requires investigation - Debian Bug report logs … but not released yet. > > > > NuGet issue is Tracked in this public issue: > > Package validation broken in docker builds with errors NU3028 and NU3037 · > Issue #10491 · NuGet/Home (github.com) > > > > We are looking into helping customers mitigate the issue, and one of the > options is to obtain the latest ca-certificates package with the fix. > > We see the fix is available in sid and bullseye, are there plans to back port > the fix to buster? If so what is the timeline? > > > > Thanks, > > Svetlana > > NuGet Team > > > On Wed, Jan 27, 2021 at 07:33:02PM +0000, Michael Simons (.NET) wrote: > I see this was recently released to testing, is there an eta on when it will > be > available in stable, (e.g. buster)? > > > > Thanks >
