← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #109895

[Bug 1287130] Re: SPI CA certificate (i.e. effectively Debian) is not trusted out of the box

  Thread PreviousDate PreviousThread Next 
*** This bug is a duplicate of bug 1042040 ***
    https://bugs.launchpad.net/bugs/1042040

Ubuntu cannot modify Firefox's certificates.  Chris's comments
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1042040/comments/7
and
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1042040/comments/8
still apply.

** This bug has been marked a duplicate of bug 1042040
   debian CA not shipped in firefox

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubufox in Ubuntu.
https://bugs.launchpad.net/bugs/1287130

Title:
  SPI CA certificate (i.e. effectively Debian) is not trusted out of the
  box

Status in ubufox package in Ubuntu:
  New

Bug description:
  When I visit https://alioth.debian.org/ in Firefox, I get the familiar
  warning dialog:

      This Connection is Untrusted

      You have asked Firefox to connect securely to alioth.debian.org, but we can't 
      confirm that your connection is secure.

      Normally, when you try to connect securely, sites will present trusted 
      identification to prove that you are going to the right place. However, 
      this site's identity can't be verified.

      What Should I Do?

      If you usually connect to this site without problems, this error could mean 
      that someone is trying to impersonate the site, and you shouldn't continue.

      > Technical Details ...

      > I Understand the Risks

  I posted a question about this back in 2009
  https://answers.launchpad.net/ubuntu/+source/ca-
  certificates/+question/79192 and  finally I got a useful reply in
  November 2012 which implicates the Ubuntu Firefox license as a
  possible culprit.

  The related bug
  https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1042040 was
  closed as Invalid, but that applies to Firefox proper.  Ubuntu can and
  IMHO should make its own judgment call on which CA certificates to
  trust.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubufox/+bug/1287130/+subscriptions
  Thread PreviousDate PreviousThread Next