Hi,
Christoph Anton Mitterer wrote:
> I doubt that the removal of CAcert was a good decision...
A quite bad decision in my view, too.
Already having CAcert root certificiates in the right place over
really trusted ways (secure apt) is^Wwas one of Debian's cooler
features.
So thanks Chris for his elaborate reasoning, showing why the removal
is a bad idea. With the exception that you think that ca-certificates
is merely the Mozilla CA package, I do agree with Chris' reasoning.
The administrator of a machine can easily disable certificiates he
doesn't trust, but only if they are included in ca-certificates.
So if it helps including CAcert's root certificates again in
ca-certificates, please include them, but disable them by default if
they're not up to some (IMHO questionable) inclusion policy. That way,
every user can securely download them via APT and enable them for the
whole system (and not only per browser) if wanted.
I really hope that the ca-certificates maintainers come back to their
senses again and revert this unsound removal soon.
Regards, Axel
--
,''`. | Axel Beckert <[email protected]>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
