Hi,
Michael Shuler wrote (18 Nov 2012 21:22:54 GMT) :
> 20121114 has not been uploaded to unstable, yet, so I had some time to
> rebuild and include an additional note, today:
> * Update mozilla/certdata.txt to version 1.86 Closes: #683728
> - Replace legacy "no explicit trust" flag of CKT_NSS
On 11/15/2012 08:46 AM, Michael Shuler wrote:
> On 11/14/2012 06:12 PM, intrigeri wrote:
>> I think it would be even better to replace "clean up" with some
>> version of "parsing certdata.txt for the ca-certificates package,
>> neither of these flags are used when the CA trust database is created,
On 11/14/2012 06:12 PM, intrigeri wrote:
> Michael Shuler wrote (11 Nov 2012 20:59:10 GMT) :
>> In parsing certdata.txt for the ca-certificates package, neither of
>> these flags are used when the CA trust database is created, so both
>> CKT_NSS_MUST_VERIFY_TRUST and CKT_NSS_TRUST_UNKNOWN flags are
On 15.11.2012 00:12, intrigeri wrote:
In any case, this is starting to look like a pre-approval request
more
than a unblock one, since the actual package to unblock has not been
uploaded yet. So, I guess it might be dealt with slightly faster if
the bug against release.d.o was formally put into
Hi,
Michael Shuler wrote (11 Nov 2012 20:59:10 GMT) :
> In parsing certdata.txt for the ca-certificates package, neither of
> these flags are used when the CA trust database is created, so both
> CKT_NSS_MUST_VERIFY_TRUST and CKT_NSS_TRUST_UNKNOWN flags are
> ignored. This is why I indicated these
On 11/11/2012 12:15 PM, intrigeri wrote:
> That may be me nitpicking, but "they are innocuous" does not really
> address my desire to understand an undocumented change in
> a security-sensitive area. I'm still curious and feeling like this
> should be documented somehow, but I'll happily let others
Hi,
Michael Shuler wrote (10 Nov 2012 19:02:14 GMT) :
> I intended to add a comment that those lines are in the debdiff from
> the new certdata.txt and that they are innocuous.
That may be me nitpicking, but "they are innocuous" does not really
address my desire to understand an undocumented chan
On 11/10/2012 12:23 PM, intrigeri wrote:
> Michael Shuler wrote (10 Nov 2012 17:52:41 GMT) :
>> unblock ca-certificates/20121105
>
> There are multiple instances of:
>
>> -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN
>> +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
>
> I gues
tags 692911 + moreinfo
thanks
Hi,
Michael Shuler wrote (10 Nov 2012 17:52:41 GMT) :
> unblock ca-certificates/20121105
There are multiple instances of:
> -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN
> +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
I guess that was imported
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Please unblock package ca-certificates
ca-certificates/20121105 has been uploaded to unstable and includes two
important fixes for Wheezy:
10 matches
Mail list logo
