[Pkg-mozext-maintainers] Bug#744230: Bug#744230: Please disable rules that depend on CACert certificates
Josh Triplett
josh at joshtriplett.org
Fri Apr 11 18:11:57 UTC 2014
On Fri, Apr 11, 2014 at 12:41:40PM -0400, "David Prévot" wrote:
> Hi,
>
> > Package: xul-ext-https-everywhere
> > Version: 3.4.5-1
> > Severity: important
> >
> > With CACert removed from the Debian default certificates, it no longer
> > makes sense to enable the CACert-dependent rules in https-everywhere.
>
> As an additional data-point: there are ongoing discussions (e.g., #741561)
> about adding back CACert to ca-certificates or another package.
It seems highly unlikely that CACert will return to ca-certificates,
barring its wider acceptance elsewhere, which won't happen in the near
future. And if it shows up in a separate package, it should still
remain disabled by default in https-everywhere. If in the future CACert
returns to ca-certificates, https-everywhere can re-enable the
CACert-dependent rules at that time. Meanwhile, having them enabled
breaks browsing to sites that use CACert certificates, requiring the
user to manually disable each rule as they encounter certificate
warnings.
- Josh Triplett
More information about the Pkg-mozext-maintainers
mailing list