Source: rust-webpki-roots
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>, kpcyrd <g...@rxv.cc>
Usertags: embed

rust-webpki-roots is essentially a duplicate of ca-certificates.

https://tracker.debian.org/pkg/ca-certificates
https://wiki.debian.org/EmbeddedCopies

AFAICT, rebuilding the package from source doesn't run the upstream supplied build.py script, so rebuilding from source won't update the certs available in the package. Having to rebuild rust-webpki-roots and everything that depends on it after every update of ca-certificates would be very annoying though.

Probably rust-webpki-roots should be removed from Debian and replaced with something that loads the certs from ca-certificates at runtime.

As far as I can tell, nothing in Debian uses rust-webpki-roots, but on IRC, kpcyrd mentioned that they have projects that use webpki-roots, CCing them in order to get more info about that usage.

$ ssh mirror.ftp-master.debian.org dak rm -s unstable -Rn rust-webpki-roots
Will remove the following packages from unstable:

librust-webpki-roots-dev | 0.20.0-1+b1 | amd64, arm64, armel, armhf, i386
rust-webpki-roots | 0.20.0-1 | source
webpki-roots | 0.20.0-1+b1 | amd64, arm64, armel, armhf, i386

Maintainer: Debian Rust Maintainers <pkg-rust-maintain...@alioth-lists.debian.net>

------------------- Reason -------------------

----------------------------------------------

Checking reverse dependencies...
No dependency problem found.

--
bye,
pabs

https://wiki.debian.org/PaulWise
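The runtime-loading approach suggested in the report, sketched as an added example (not code from the report, from webpki-roots, or from any Debian package): it reads the PEM bundle that ca-certificates maintains and returns each certificate's DER bytes, so a ca-certificates update takes effect without a rebuild. The function names, the std-only base64 decoder and the sample data are assumptions made for illustration; passing the DER bytes to a TLS library as trust anchors is left out.

```rust
use std::fs;
// Bundle that Debian's ca-certificates package regenerates on every update.
const SYSTEM_BUNDLE: &str = "/etc/ssl/certs/ca-certificates.crt";
// Constructed sample: two tiny DER blobs, not real certificates.
const SAMPLE: &str = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n\
junk between blocks\n-----BEGIN CERTIFICATE-----\nMAMC\nAQI=\n-----END CERTIFICATE-----\n";

// Minimal standard-alphabet base64 decoder; None on any foreign character.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes().filter(|b| *b != b'=') {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62,
            b'/' => 63,
            _ => return None,
        };
        acc = (acc << 6 | v as u32) & 0xffff;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
        }
    }
    Some(out)
}

// DER bytes of every CERTIFICATE block; undecodable or empty blocks are skipped.
pub fn parse_pem_bundle(bundle: &str) -> Vec<Vec<u8>> {
    let (mut certs, mut body) = (Vec::new(), None::<String>);
    for line in bundle.lines().map(str::trim) {
        match line {
            "-----BEGIN CERTIFICATE-----" => body = Some(String::new()),
            "-----END CERTIFICATE-----" => {
                certs.extend(body.take().and_then(|b| b64_decode(&b)).filter(|d| !d.is_empty()))
            }
            _ => { if let Some(b) = body.as_mut() { b.push_str(line) } }
        }
    }
    certs
}
fn main() {
    println!("constructed sample: {} blocks", parse_pem_bundle(SAMPLE).len());
    match fs::read_to_string(SYSTEM_BUNDLE) {
        Ok(pem) => println!("{}: {} trust anchors", SYSTEM_BUNDLE, parse_pem_bundle(&pem).len()),
        Err(e) => eprintln!("{}: {}", SYSTEM_BUNDLE, e), // fail closed, no baked-in fallback
    }
}
```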