Public bug reported: ~$ lsb_release -rd Description: Ubuntu 20.10 Release: 20.10 ~$ apt list --installed | grep ca-certificates
WARNING: apt does not have a stable CLI interface. Use with caution in scripts. ca-certificates/groovy-updates,groovy-security,now 20201027ubuntu0.20.10.1 all [installed,automatic] Repro steps: 1. Open Terminal. 2. Execute: wget https://dot.net/v1/dotnet-install.sh chmod +x ./dotnet-install.sh ./dotnet-install.sh -c 5.0 export DOTNET_ROOT=$HOME/.dotnet export PATH=$PATH:$HOME/.dotnet dotnet new console dotnet add package System.Collections.Immutable Expected result: Package restore will succeed. Actual result: Package restore fails with: error: NU3028: Package 'System.Collections.Immutable 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain There has been a planned process to distrust Symantec certificates in the certificate store over the past two years. The Debian ca-certificates package removed this CA for both TLS (expected) and other uses (like timestamping) (unexpected). Trust was added back in a subsequent update. See https://release.debian.org/proposed-updates/stable.html#ca-certificates_20200601~deb10u2 for details. ** Affects: ca-certificates (Ubuntu) Importance: Undecided Status: New ** Summary changed: - ca-certificates: Symantec CA blacklisted + ca-certificates: Symantec CA blacklisted for non-TLS uses -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1913951 Title: ca-certificates: Symantec CA blacklisted for non-TLS uses To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1913951/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
