Control: tag -1 + fixed-upstream Hi,
Timo Röhling wrote: > CAcert is pretty much made obsolete by LetsEncrypt, I strongly disagree. CAcert offers way more types of certificates than Let's Encrypt. For example does Let's Encrypt not provide any certificates suitable for use as personal S/MIME e-mail certificates. > and unlike LetsEncrypt, it has never been part of the Mozilla > truststore. But instead it offers longer living certificates for hosts not directly reachable from the internet — which is a hell to achieve with Let's Encrypt. > Furthermore, the ca-cacert package has become virtually useless with > the expiry of the shipped intermediate certificate [1], Yes, it should be updated. Here I agree. > and not even CAcert seems to bother enough to link the newly > generated certificate from their official website [2]. They did in the meanwhile, citing from http://www.cacert.org/certs/CAcert_Class3Root_x14E228.txt linked on http://www.cacert.org/index.php?id=3: Validity Not Before: Apr 19 12:18:30 2021 GMT Not After : Apr 17 12:18:30 2031 GMT > Therefore, I believe it is time to acknowledge the facts and remove > the package from Debian altogether. Again, I strongly disagree. I rather hope that Dmitry gets it back into shape and then also offers it via bullseye-backports. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
