[Pkg-mozext-maintainers] Bug#744230: Bug#744230: Please disable rules that depend on CACert certificates

Josh Triplett josh at joshtriplett.org
Fri Apr 11 18:11:57 UTC 2014


On Fri, Apr 11, 2014 at 12:41:40PM -0400, "David Prévot" wrote:
> Hi,
> 
> > Package: xul-ext-https-everywhere
> > Version: 3.4.5-1
> > Severity: important
> >
> > With CACert removed from the Debian default certificates, it no longer
> > makes sense to enable the CACert-dependent rules in https-everywhere.
> 
> As an additional data-point: there are ongoing discussions (e.g., #741561)
> about adding back CACert to ca-certificates or another package.

It seems highly unlikely that CACert will return to ca-certificates,
barring its wider acceptance elsewhere, which won't happen in the near
future.  And if it shows up in a separate package, it should still
remain disabled by default in https-everywhere.  If in the future CACert
returns to ca-certificates, https-everywhere can re-enable the
CACert-dependent rules at that time.  Meanwhile, having them enabled
breaks browsing to sites that use CACert certificates, requiring the
user to manually disable each rule as they encounter certificate
warnings.

- Josh Triplett



More information about the Pkg-mozext-maintainers mailing list