Package: libcurl3-gnutls Version: 7.15.5-1 Severity: critical Tags: security
Given that trustworthiness of certificate authorities is not evaluated, no package should depend on ca-certificates. To do so forces the user to trust everything in ca-certificates.
I suggest setting this Depends to Recommends or Suggests, like many other packages do.
-- -Cedar Cox -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
