[Bug 738383] New: perl-Mozilla-CA: stop shipping own certificate bundle

Wed Sep 14 16:59:54 UTC 2011

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: perl-Mozilla-CA: stop shipping own certificate bundle

https://bugzilla.redhat.com/show_bug.cgi?id=738383

           Summary: perl-Mozilla-CA: stop shipping own certificate bundle
           Product: Fedora
           Version: rawhide
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: high
          Priority: medium
         Component: perl-Mozilla-CA
        AssignedTo: ppisar at redhat.com
        ReportedBy: thoger at redhat.com
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-perl-devel-list at redhat.com,
                    mmaslano at redhat.com, ppisar at redhat.com
    Classification: Fedora
      Story Points: ---
              Type: ---

Description of problem:
perl-Mozilla-CA comes with certificate bundle generated from nss/mozilla
certdata.txt.  It's the same source that is used to build ca-bundle.crt form
ca-certificates.  We should not duplicate those bundles, as that makes it more
difficult to deal with updates when some CA needs to be removed (think of
recent DigiNotar).

Additionally, Mozilla-CA upstream is not currently generating their bundle
correctly and are adding certs that are flagged as untrusted in nss/mozilla:
https://rt.cpan.org/Public/Bug/Display.html?id=70967

We should really consider making perl-Mozilla-CA require ca-certificates and
use that bundle instead.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.