Package: ca-certificates
Version: 20141019
Severity: wishlist

Hi.

Since a while now, the ca-certificates package is - apart from the whole
infrastructure stuff - merely a container for the Mozilla CA bundle, as
basically all other CAs have been pushed out or never been accepted.

The Mozilla CA bundle by itself is not more trustworthy than any other
CA collection (actually, having the security expert hat on, I'd say it's
even far less trustworthy).
But since it shouldn't be Debian's task or choice to decide what's trust-
worthy and what's not, it would be nice if the actually CAs, could
be split out into separate packages, and ca-certificates would only
provide the infrastruture stuff (hooks, debconf, etc.).

If e.g. the Mozilla bundle would be split out to ca-mozilla or something
like that, users that have no interest in these certs could choose not
to install that package and save some space.
Also it wouldn't require users to run updates just because the Mozilla
CA bundle changes,... even if they use nothing of it but just want the
infrastructure parts to be used with e.g. the IGTF certs or other CA
packages in Debian.


Cheers,
Chris.


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to