[Dev] [Pierre Schmitz] [arch-dev-public] CAcert dropped from certificate bundle
Nicolás Reynolds
fauno at endefensadelsl.org
Tue Apr 8 22:36:12 GMT 2014
Nicolás Reynolds <fauno at endefensadelsl.org> writes:
> this is important, our certificates are issued by cacert.
now that ca-certificates doesn't provide cacert anymore, i asked
emulatorman to blacklist it and keep the previous version on [libre]
until we decide what to do. some people got the newer ca-certificates
anyway and are reporting malfunctioning updates (pacman can't verify
the repo certs).
i've seen there's a cacert-dot-org package in aur that provides the
certificate. people report that it's working though i haven't had time
to try it myself or review the pkgbuild. it's done by prurigro who
hangs around on #parabola so we could ask him (her?).
i read in the debian discussion i think, that the root distribution
license for cacert could be considered unfree though it looked ok to
me. the only weird thing is that it has an announcement clause which i
think could be fulfilled in the post_install hook.
what do you think? should we unblacklist ca-certificates and provide
cacert-dot-org in our base bundle (as a dependency for pacman?)?
if you know of a gratis certificate authority that's also included in
ca-certificates and allows for wildcard certs, please let me know. for
instance, we have a single certificate for *.parabola.nu that covers any
subdomain.
--
}(:=