Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: igtf-policy-bun...@packages.debian.org
Control: affects -1 + src:igtf-policy-bundle

[ Reason ]
The GEANT TCS Generation 4 contract ended quite suddenly with little warning from the vendor. The new Generation 5 was put together quite quickly, but the necessary CAs and intermediate CAs from HARICA were only accredited with version 1.133 of this bundle. For a smooth transition for users, I propose to update the package in stable (bookworm).

[ Impact ]
Without this update, sites are unable to verify the identity of users with certificates issued under the new contract, and vice versa users are unable to assert the identity of servers with such certificates.

[ Tests ]
Since the package includes no code per se, testing consists of installing on systems with (test or pre-production) services and checking TLS interactions.

[ Risks ]
The risk is low, as the bundle is issued under the oversight of the Interoperable Global Trust Federation (igtf.net) who issue regular reviews to maintain the accredited status of the associated CAs. The updates of the bundle are usually of a nature that would not require immediate updates.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
Changes to the bundle are documented in the upstream CHANGES file.