[Bug 738383] New: perl-Mozilla-CA: stop shipping own certificate bundle
bugzilla at redhat.com
bugzilla at redhat.com
Wed Sep 14 16:59:54 UTC 2011
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: perl-Mozilla-CA: stop shipping own certificate bundle
https://bugzilla.redhat.com/show_bug.cgi?id=738383
Summary: perl-Mozilla-CA: stop shipping own certificate bundle
Product: Fedora
Version: rawhide
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: high
Priority: medium
Component: perl-Mozilla-CA
AssignedTo: ppisar at redhat.com
ReportedBy: thoger at redhat.com
QAContact: extras-qa at fedoraproject.org
CC: fedora-perl-devel-list at redhat.com,
mmaslano at redhat.com, ppisar at redhat.com
Classification: Fedora
Story Points: ---
Type: ---
Description of problem:
perl-Mozilla-CA comes with certificate bundle generated from nss/mozilla
certdata.txt. It's the same source that is used to build ca-bundle.crt form
ca-certificates. We should not duplicate those bundles, as that makes it more
difficult to deal with updates when some CA needs to be removed (think of
recent DigiNotar).
Additionally, Mozilla-CA upstream is not currently generating their bundle
correctly and are adding certs that are flagged as untrusted in nss/mozilla:
https://rt.cpan.org/Public/Bug/Display.html?id=70967
We should really consider making perl-Mozilla-CA require ca-certificates and
use that bundle instead.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the perl-devel
mailing list