SSL certificate issue in Debian boinc-client

Gianfranco Costamagna costamagnagianfranco at
Tue Feb 23 17:10:24 UTC 2016

>Nothing expired here. Mozilla decided it is a good thing to remove root

>certificates that are signed using SHA1 and Debian followed suite. But
>the removal of those (still valid) certificates in Jessie uncovered the
>Bug in openssl (which mainly affects curl on Jessie (wget is working).
>I don't know how to escalate the ca-certificates bug so someone is
>reverting the change there. The security team won't like this also
>because they will consider the SHA1 certificates as insecure. But they
>also do not allow an upgrade of openssl because this will pull in new

>So the question is: How can I get the ca-certificates maintainers to
>revert there change? By elevating the Bug to release critical?

please open a serious bug against the package, explaining why it needs to be reverted

and be sure to set exactly the affected version(s).

>Thanks for your time anyway.

I can try to have a fixed ca-certificates in jessie if needed, this would be the best move.
(and maybe let security team do this)



More information about the pkg-boinc-devel mailing list