[Dev] [Pierre Schmitz] [arch-dev-public] CAcert dropped from certificate bundle

Nicolás Reynolds fauno at endefensadelsl.org
Tue Apr 8 22:36:12 GMT 2014

Nicolás Reynolds <fauno at endefensadelsl.org> writes:

> this is important, our certificates are issued by cacert.

now that ca-certificates doesn't provide cacert anymore, i asked
emulatorman to blacklist it and keep the previous version on [libre]
until we decide what to do.  some people got the newer ca-certificates
anyway and are reporting mal functioning updates (pacman can't verify
the repo certs).

i've seen there's a cacert-dot-org package in aur that provides the
certificate.  people reports that it's working though i haven't had time
to try it myself or review the pkgbuild.  it's done by prurigro who
hangs around on #parabola so we could ask him (her?).

i read in the debian discussion i think, that the root distribution
license for cacert could be considered unfree though it looked ok to
me.  the only weird thing is that it has an announcement clause which i
think could be fullfilled in the post_install hook.

what do you think?  should we unblacklist ca-certificates and provide
cacert-dot-org in our base bundle (as a dependency for pacman?)?

if you know of a gratis certificate authority that's also included in
ca-certificates and allows for wildcard cert please let me know.  for
instance, we have a single certificate for *.parabola.nu that covers any

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 619 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20140408/13d3037a/attachment.sig>

More information about the Dev mailing list