openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #09944
[Bug 1258286] Re: CAcert should not be trusted by default
This bug was fixed in the package ca-certificates -
20130906ubuntu0.13.10.1
---------------
ca-certificates (20130906ubuntu0.13.10.1) saucy-security; urgency=medium
* Update ca-certificates database to 20130906 (LP: #1257265):
- backport changes from the Ubuntu 14.04 20130906ubuntu1 package
- No longer ship cacert.org certificates (LP: #1258286)
- mozilla/certdata2pem.py: Work around openssl issue by shipping both
versions of the same signed roots. Previously, the script would
simply overwrite the first one found in the certdata.txt with the
later one since they both have the same CKA_LABEL, resulting in
identical filenames. (LP: #1014640, LP: #1031333)
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Thu, 06 Feb 2014 17:04:56 -0500
** Changed in: ca-certificates (Ubuntu Saucy)
Status: New => Fix Released
** Changed in: ca-certificates (Ubuntu Precise)
Status: New => Fix Released
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1258286
Title:
CAcert should not be trusted by default
Status in “ca-certificates” package in Ubuntu:
Fix Released
Status in “ca-certificates-java” package in Ubuntu:
Fix Released
Status in “nss” package in Ubuntu:
Fix Released
Status in “ca-certificates” source package in Lucid:
Fix Released
Status in “ca-certificates-java” source package in Lucid:
New
Status in “nss” source package in Lucid:
New
Status in “ca-certificates” source package in Precise:
Fix Released
Status in “ca-certificates-java” source package in Precise:
New
Status in “nss” source package in Precise:
New
Status in “ca-certificates” source package in Quantal:
Fix Released
Status in “ca-certificates-java” source package in Quantal:
New
Status in “nss” source package in Quantal:
New
Status in “ca-certificates” source package in Saucy:
Fix Released
Status in “ca-certificates-java” source package in Saucy:
New
Status in “nss” source package in Saucy:
New
Status in “ca-certificates” source package in Trusty:
Fix Released
Status in “ca-certificates-java” source package in Trusty:
Fix Released
Status in “nss” source package in Trusty:
Fix Released
Status in “ca-certificates” package in Debian:
Fix Released
Status in “ca-certificates-java” package in Debian:
Fix Committed
Bug description:
Ubuntu is one of the few distributions shipping CAcert as a trusted
certificate. Many distributions are considering[1] whether to remove
CAcert, and Mozilla closed the RFE[2] for CAcert in 2008, which was
opened in 2003.
Concerns were expressed about CAcert's code quality[3], and their
audit appears to be stalled.
In the past, it appears that Ubuntu disabled[4] CAcert, but this is no
longer the case. It may be wise to do so again.
[1]:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#50
[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=215243
[3]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#45
[4]: http://wiki.cacert.org/InclusionStatus?highlight=Ubuntu
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1258286/+subscriptions