Re: [PATCHES] profiles: Produce a single-file CA certificate bundle
From: Andreas Enge
Subject: Re: [PATCHES] profiles: Produce a single-file CA certificate bundle
Date: Tue, 3 Mar 2015 13:23:33 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

On Tue, Mar 03, 2015 at 03:27:57AM -0500, Mark H Weaver wrote:
> I think perhaps that we should be more selective in the certs we add to
> ca-certificates.crt. Debian has a configuration file
> /etc/ca-certificates.conf, and only adds certificates that are
> explicitly listed there to ca-certificates.crt.

Actually I wondered about the question during the recent Comodo scandal:
Should we remove the Comodo CA certificates from our store?

If we decide to remove certificates, this should not only be done in the
aggregation phase into one file. They should be removed at the end of the
nss-certs build, so that also the single certificate files will disappear.
What is left over can be collected into one file as is done now.

Thanks for looking into this!

Andreas