Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/trusty-proposed/ca-certificates
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

29. By Marc Deslauriers

No longer ship cacert.org certificates. (LP: #1258286)

28. By Marc Deslauriers

mozilla/certdata2pem.py: Work around openssl issue by shipping both
versions of the same signed roots. Previously, the script would simply
overwrite the first one found in the certdata.txt with the later one
since they both have the same CKA_LABEL, resulting in identical
filenames. (LP: #1014640)

27. By Michael Shuler

* Add ca-certificates-local source package example to documentation
* Update local certificate handling in README.Debian.
  Closes: #718173, LP: #487845
* Update CA inclusion policy for ca-certificates in README.Debian. With
  the exception of SPI and CAcert, only those CAs included in Mozilla's
  trust store will be included in ca-certificates in Debian.
  Closes: #647848, LP: #103074
* Clarify that not all software that uses SSL uses ca-certificates in
  README.Debian. Closes: #664769
* Add mozilla/nssckbi.h to source, since certdata.txt no longer contains
  a version number.
* Update debian/copyright to "Copyright: Mozilla Contributors" for
* Update mozilla/certdata.txt to version 1.94
  Certificates added (+) and removed (-):
  + "CA Disig Root R1"
  + "CA Disig Root R2"
  + "China Internet Network Information Center EV Certificates Root"
  + "D-TRUST Root Class 3 CA 2 2009"
  + "D-TRUST Root Class 3 CA 2 EV 2009"
  + "PSCProcert"
  + "Swisscom Root CA 2"
  + "Swisscom Root EV CA 2"
  + "TURKTRUST Certificate Services Provider Root 2007"
  - "Equifax Secure eBusiness CA 2"
  - "TC TrustCenter Universal CA III"

26. By Thijs Kinkhorst

[ Michael Shuler ]
* Install CAcert root and class3 certificates individually, no longer
  installing the concatenation of the two. The individual certificates
  are installed as cacert.org_root.crt and cacert.org_class3.crt for ease
  of identification. Additionally, this allows openssl maintainers to drop
  a problematic patch to c_rehash for handling multi-certificate files.
  (see #642314) Closes: #692323
* Update Vcs-* fields for lintian vcs-field-not-canonical
* Update to machine-readable debian/copyright file v1.0

[ Thijs Kinkhorst ]
* Drop upgrading code for upgrades from Debian Etch and earlier.
* Remove obsolete debconf.org CA certificate. DebConf now uses an
  intermediate certificate signed by SPI. (Closes: #693405)
* Remove obsolete SPI CA certiticate.
* Update Standards-Version: 3.9.4 (no changes needed)
* Clean up man page (LP#: 850997).

25. By Michael Shuler

* Update mozilla/certdata.txt to version 1.87 Closes: #697366
  Certificates removed (-) (none added):
  - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
* Remove unneeded and confusing usage of interest-noawait; remove unneeded
  Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
  Closes: #537051

24. By Michael Shuler

[ Don Armstrong ]
* Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
* Provide update-ca-certificates and update-ca-certificates-fresh
* Call the triggers using no-await so that the configuration files from
  the newer version of ca-certificates-java are in places before the
  upgrade. Closes: #537051.

[ Michael Shuler ]
* Add note to previous mozilla/certdata.txt changelog entry to document

23. By Michael Shuler

* Update mozilla/certdata.txt to version 1.86 Closes: #683728
  Certificates added (+) (none removed):
  + "Actalis Authentication Root CA"
  + "Trustis FPS Root CA"
  + "StartCom Certification Authority" (renewal/rehash)
  + "StartCom Certification Authority G2"
  + "Buypass Class 2 Root CA"
  + "Buypass Class 3 Root CA"
  + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
  + "T-TeleSec GlobalRoot Class 3"
  + "EE Certification Centre Root CA"
* Correct piuparts package remove/purge behavior Closes: #682125
  - Remove deletes of /etc/ssl{,/certs} from debian/postrm

22. By Michael Shuler

* Add Polish translation, thanks to Michał Kułach. Closes: #660002
* Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
* Correct update-ca-certificates(8) alignment Closes: #666932
* Add note to update-ca-certificates(8) about .crt extension needed for
  CA certificates in /usr/local/share/ca-certificates Closes: #595279
* Update mozilla/certdata.txt to version 1.83
  Mozilla Public License updated to v2.0
  (no added/removed CAs)
* Update debian/copyright to:
  - reflect MPL v2.0 update for mozilla/certdata.txt
  - specify GPL-2 instead of GPL symlink
* Update debian/NEWS with added/removed certs from 20111211 and 20120212
* Update to Standards-Version: 3.9.3 (no changes needed)

21. By Michael Shuler

* Update mozilla/certdata.txt to version 1.81
  Certificates added (+) and removed (-):
  + "Security Communication RootCA2"
  + "EC-ACC"
  + "Hellenic Academic and Research Institutions RootCA 2011"
  - "Verisign Class 2 Public Primary Certification Authority"
  - "Verisign Class 4 Public Primary Certification Authority - G2"
  - "TC TrustCenter, Germany, Class 2 CA"
  - "TC TrustCenter, Germany, Class 3 CA"
* Add notice to README.Debian deprecating CA inclusions and refer to
  #647848 for Debian CA Certificate Policy discussion.

20. By Michael Shuler

* Clarify CA audit note in package description and README.debian. Thanks
  to C.J. Adams-Collier for the patch. Closes: #594383
* Remove French Government IGC/A CA certificates. The RSA certificate is
  included in the Mozilla bundle and the DSA certificate is not in use.
  Closes: #646767
* Remove expired signet.pl CAs. Closes: #647849
* Remove expired brasil.gov.br CA.
* Edit 20111025 changelog/NEWS entries to correctly list installed CAs
* Use 'set -e' in body of debian/postinst
* Update mozilla/certdata.txt to version 1.80
  (no added/removed CAs)
* Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.