On 07/21/2015 09:05 AM, Cédric Dufour - Idiap Research Institute wrote:
We do have the wheezy-updates repository enabled:
# rgrep wheezy-updates /etc/apt/sources.list*
/etc/apt/sources.list.d/debian.list:deb
http://<daily-updated-local-mirror>/debian.wheezy/ wheezy-updates main contrib
non-free
/etc/apt/sources.list.d/debian.list:#deb-src
http://mirror.switch.ch/ftp/mirror/debian/ wheezy-updates main contrib non-free
Would you plan to push an updated/"backported" ca-certificates in
wheezy-updates ?
Would security updates - e.g. removal of a compromised CA - make it to it ?
I'm thinking that an upload of the jessie version,
ca-certificates_20141019, may be appropriate for wheezy-updates, or just
a rebuild with the Mozilla CA bundle from that version, excluding the
additional changes. I'm not sure, yet. There is a bit of hand waving at
the removal of 1024-bit CAs by Mozilla in the latest CA bundle currently
in Stretch, and I don't want to be that disruptive in wheezy-updates (or
jessie-updates, for that matter..)
You can dig around git and look through debian/changelog in the stable
release branches, as well as master (sid/testing), for the CAs that
Mozilla has added/removed.
http://anonscm.debian.org/cgit/collab-maint/ca-certificates.git
Jessie changelog:
http://anonscm.debian.org/cgit/collab-maint/ca-certificates.git/tree/debian/changelog?h=debian-jessie
--
Kind regards,
Michael
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
