On Saturday 03 September 2011 01:45:22 Mike Hommey wrote: > Looking at the patches, this really is: [...]
Ok, with the patches we got NSS covered, but we still need to do something for other users. A first look at stuff we ship, this seems to be their current status: * NSS: ice* packages should be okay after the latest NSS update. * OpenSSL Nothing special here * GnuTLS Nothing special here * chromium: Even after the NSS update, it seems to be happy to use the Explicitly Distrusted certs. * Qt: Qt4 has built-in support for SSL via OpenSSL. Qt 4.7 (wheezey+) uses certs from /etc/ssl Qt 4.6 and older (lenny, squeeze) uses its own bundled list of certs. DigiNotar not included Qt3 doesn't have built-in support for SSL. Qt3-based software often use QCA, see below * QCA There are two versions: 1 for Qt3 and 2 for Qt4, both use OpenSSL as the backend for SSL. Seems like it would be better if we also handled the issue at the libssl level. OpenSSL maintainers: does that sound doable? Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
