[Bug 1647285] Re: SSL trust not system-wide

Michael Catanzaro mcatanzaro at gnome.org
Tue Mar 24 18:10:43 UTC 2020


So for the avoidance of doubt, every independent distro has its own
custom ca-certificates package with no shared history. I know Debian,
Fedora, and openSUSE all have their own completely separate upstreams.
Looking at what Fedora does is probably a good idea indeed, just keep in
mind it has no shared history with Debian's package. I took a quick look
at openSUSE's package and it looks like it has good p11-kit integration
as well. Arch uses Fedora; not sure about other independent distros.
They all use Mozilla's certificates, but Mozilla doesn't release a
package in a way that's directly usable by distros.

Debian's ca-certificates implements certificate blacklisting by putting
a ! character at the start of a line in /etc/ca-certificates.conf (which
doesn't exist on other distros). Once a certificate is removed, it stays
removed; see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743339
which was never fixed.

** Bug watch added: Debian Bug tracker #743339
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743339

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1647285

Title:
  SSL trust not system-wide
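
An added example (not part of the original message and not code from Debian's package): a small audit of the `!` convention described above, reporting entries that are deselected while their certificate file is still installed. It assumes the conf file's `#` comment lines and the /usr/share/ca-certificates install directory, neither of which the message mentions; the certificate names are constructed.

```python
from pathlib import Path

CONF_PATH = Path("/etc/ca-certificates.conf")
CERT_DIR = Path("/usr/share/ca-certificates")  # assumed install dir for .crt files


def parse_conf(text):
    """Return (selected, deselected) lists of certificate paths from conf text."""
    selected, deselected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment (assumed syntax)
            continue
        if line.startswith("!"):  # leading '!' marks the entry as deselected
            deselected.append(line[1:].strip())
        else:
            selected.append(line)
    return selected, deselected


def audit(text, available):
    """Compare conf entries with the .crt paths actually present on disk."""
    selected, deselected = parse_conf(text)
    available = set(available)
    return {
        # file is installed but the entry is switched off with '!'
        "deselected_present": sorted(set(deselected) & available),
        # file is installed but the conf does not mention it at all
        "unlisted": sorted(available - set(selected) - set(deselected)),
        # entry is listed as trusted but the file is gone
        "selected_missing": sorted(set(selected) - available),
    }

# Constructed sample input (not taken from a real system).
SAMPLE_CONF = """\
# constructed sample
mozilla/Example_Root_A.crt
!mozilla/Example_Root_B.crt
mozilla/Example_Root_Gone.crt
"""
SAMPLE_AVAILABLE = [f"mozilla/Example_Root_{x}.crt" for x in "ABC"]

if __name__ == "__main__":
    if CONF_PATH.exists():  # audit the real system when run on Debian/Ubuntu
        files = [str(p.relative_to(CERT_DIR)) for p in CERT_DIR.rglob("*.crt")]
        print(audit(CONF_PATH.read_text(), files))
    else:  # otherwise fall back to the constructed sample
        print(audit(SAMPLE_CONF, SAMPLE_AVAILABLE))
```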
