Nicolás Reynolds <[email protected]> writes: > this is important, our certificates are issued by cacert.
now that ca-certificates doesn't provide cacert anymore, i asked emulatorman to blacklist it and keep the previous version on [libre] until we decide what to do. some people got the newer ca-certificates anyway and are reporting mal functioning updates (pacman can't verify the repo certs). i've seen there's a cacert-dot-org package in aur that provides the certificate. people reports that it's working though i haven't had time to try it myself or review the pkgbuild. it's done by prurigro who hangs around on #parabola so we could ask him (her?). i read in the debian discussion i think, that the root distribution license for cacert could be considered unfree though it looked ok to me. the only weird thing is that it has an announcement clause which i think could be fullfilled in the post_install hook. what do you think? should we unblacklist ca-certificates and provide cacert-dot-org in our base bundle (as a dependency for pacman?)? if you know of a gratis certificate authority that's also included in ca-certificates and allows for wildcard cert please let me know. for instance, we have a single certificate for *.parabola.nu that covers any subdomain. -- }(:=
pgpdijcndxAKv.pgp
Description: PGP signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabolagnulinux.org/mailman/listinfo/dev
