ca-certificates/debian
Michael Shuler 13b720ed5d 20130119 (patches unapplied)
Imported using git-ubuntu import.
2013-01-20 22:18:09 +00:00
po 20120623 (patches unapplied) 2012-06-23 22:17:10 +00:00
source 20111025 (patches unapplied) 2011-10-27 03:21:21 +00:00
ca-certificates.triggers 20130119 (patches unapplied) 2013-01-20 22:18:09 +00:00
changelog 20130119 (patches unapplied) 2013-01-20 22:18:09 +00:00
compat 20111022 (patches unapplied) 2011-10-22 21:20:59 +00:00
config 20130119 (patches unapplied) 2013-01-20 22:18:09 +00:00
config.in 20110502 (patches unapplied) 2011-06-30 03:16:26 +00:00
control 20130119 (patches unapplied) 2013-01-20 22:18:09 +00:00
copyright 20120623 (patches unapplied) 2012-06-23 22:17:10 +00:00
dirs 20080809 (patches unapplied) 2008-10-29 12:52:10 +00:00
NEWS 20130119 (patches unapplied) 2013-01-20 22:18:09 +00:00
postinst 20121114 (patches unapplied) 2012-11-29 04:18:21 +00:00
postrm 20121105 (patches unapplied) 2012-11-07 22:18:35 +00:00
README.Debian 20120212 (patches unapplied) 2012-02-14 03:21:23 +00:00
rules 20111022 (patches unapplied) 2011-10-22 21:20:59 +00:00
templates 20111022 (patches unapplied) 2011-10-22 21:20:59 +00:00

The Debian Package “ca-certificates”
----------------------------------

This package includes PEM files of CA certificates to allow SSL-based
applications to check for the authenticity of SSL connections.

Please note that Debian can neither confirm nor deny whether the
certificate authorities whose certificates are included in this package
have in any way been audited for trustworthiness or RFC 3647 compliance.
Full responsibility to assess them belongs to the local system
administrator.

The CA certificates contained in this package are installed into
“/usr/share/ca-certificates”.

The configuration file “/etc/ca-certificates.conf” is seeded with
trust information through Debconf.  Just call “dpkg-reconfigure
ca-certificates” to adjust the settings.

“update-ca-certificates” will then update “/etc/ssl/certs” which may be
used by the web browsers in Debian.  It will also generate the hash
symlinks and generate a single-file version in
“/etc/ssl/certs/ca-certificates.crt”.

If you want to install local certificate authorities to be implicitly
trusted, please put the certificate files as single files ending with
“.crt” into “/usr/local/share/ca-certificates” and re-run
“update-ca-certificates”.  If you want to prepare a local package
of your certificates, you should depend on “ca-certificates”, install
the PEM files into “/usr/local/share/ca-certificates” as above and call
“update-ca-certificates” in the package's “postinst”.
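
Local CAs are often handed over as one multi-certificate PEM bundle, while the
paragraph above asks for single files ending with “.crt”. The following is an
added example, not part of the original README or the package: it splits a
bundle into one “.crt” file per certificate. The function names, the bundle
name and the prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. split_bundle, count_certs and is_single_crt are hypothetical
# helper names; only the directory and command in the notes come from the README.

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# is_single_crt FILE: succeed only if FILE is named *.crt and holds one block.
is_single_crt() {
    case $1 in *.crt) ;; *) return 1 ;; esac
    [ "$(count_certs "$1")" -eq 1 ]
}

# split_bundle BUNDLE DEST PREFIX: write DEST/PREFIX-1.crt, DEST/PREFIX-2.crt, ...
# with one certificate each, dropping text outside the BEGIN/END markers.
# Prints the number of files written; fails on an unterminated block.
split_bundle() {
    bundle=$1 dest=$2 prefix=$3
    [ -r "$bundle" ] || { echo "cannot read: $bundle" >&2; return 1; }
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    awk -v dest="$dest" -v prefix="$prefix" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++; out = dest "/" prefix "-" n ".crt"; inside = 1
        }
        inside { sub(/\r$/, ""); print > out }      # also strips CRLF endings
        /^-----END CERTIFICATE-----/ { if (inside) close(out); inside = 0 }
        END {
            if (inside) { print "unterminated block in bundle" > "/dev/stderr"; exit 2 }
            print n + 0
        }
    ' "$bundle"
}

# Typical use (as root), after reviewing each certificate by hand:
#   split_bundle corp-chain.pem /usr/local/share/ca-certificates corp   # constructed names
#   update-ca-certificates
```

Run it against a scratch directory first and inspect the resulting files before
pointing it at “/usr/local/share/ca-certificates”.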

How certificates will be accepted into the ca-certificates package
------------------------------------------------------------------

**** Notice! ****
 Option 1, listed below, is deprecated.  Please see Debian bug report
 #647848 for discussion on establishing a new Debian CA Certificate
 Policy for CA inclusion, maintenance, and enforcement in Debian
 ca-certificates.  Option 2, below, is the only current method.
 - http://bugs.debian.org/647848
*****************

 Option 1:
 - File a *GPG-signed* bug report against ca-certificates with
   *severity normal*.  The bug report must include an attached
   copy of the PEM certificates of the CA, a link to and a
   description of the CA, the licence of the CA certificate
   and signed fingerprint and/or hash values of the certificate.
 - Get two or three recommendations from other people to the
   bug report, GPG-signed (preferably from the strong set).
 - CA certificates will not be accepted if requested by only
   one person.

 Option 2:
 - Get it included into Mozilla's trust store.
 - File a bug against ca-certificates stating this fact.