Package: ca-certificates Version: 20141019 Severity: wishlist
Hi. Since a while now, the ca-certificates package is - apart from the whole infrastructure stuff - merely a container for the Mozilla CA bundle, as basically all other CAs have been pushed out or never been accepted. The Mozilla CA bundle by itself is not more trustworthy than any other CA collection (actually, having the security expert hat on, I'd say it's even far less trustworthy). But since it shouldn't be Debian's task or choice to decide what's trust- worthy and what's not, it would be nice if the actually CAs, could be split out into separate packages, and ca-certificates would only provide the infrastruture stuff (hooks, debconf, etc.). If e.g. the Mozilla bundle would be split out to ca-mozilla or something like that, users that have no interest in these certs could choose not to install that package and save some space. Also it wouldn't require users to run updates just because the Mozilla CA bundle changes,... even if they use nothing of it but just want the infrastructure parts to be used with e.g. the IGTF certs or other CA packages in Debian. Cheers, Chris. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

