Hi, +1 on removal of this CA from the default system trusted CA certificates. I get why back in the day CAcert and similar projects looked like a valid idea, but the CA landscape has changed significantly [0] since then and a CA that does not conform with modern technical and operational procedures should not be included by default (e.g. CA/B baseline requirements [1], RFC3647, certificate transparency [2] et cetera) in any distribution, especially one that's that popular and widely used on servers. This also affects Ubuntu [3]..
Thanks, Aaron [0] - https://lwn.net/Articles/663875/ https://lwn.net/Articles/664385/ [1] - https://cabforum.org/baseline-requirements-documents/ [2] - https://www.certificate-transparency.org/how-ct-works [3] - https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/wily/ca-certificates/wily/files/head:/spi-inc.org/
signature.asc
Description: Digital signature