X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=debian%2FREADME.Debian;h=093fad04a56b0e567ca821547cc0cb6dd15f2370;hb=3ed820e2c681687a754e1b71af1eae612fadac7b;hp=b68b6d129807e32fdea7fdb563517f5b708e3a11;hpb=ec9311ac6b70963e9a1feb14341c07fbbea377a2;p=ca-certificates.git

diff --git a/debian/README.Debian b/debian/README.Debian
index b68b6d1..093fad0 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,43 +1,50 @@
-The Debian Package ca-certificates
+The Debian Package âca-certificatesâ
 ----------------------------------
 
-Common CA certificates PEM files, installed in /usr/share/ca-certificates/
-
-It includes the following certificates:
- - spi-inc.org certificate
- - db.debian.org certificate
- - Mozilla builtin CA certificates
- - brasil.gov.br certificate
- - cacert.org certificate
-
-configuration file:
- /etc/ca-certificates.conf
-	- managed by debconf
-   # dpkg-reconfigure ca-certificates
-
- update-ca-certificates will update /etc/ssl/certs
-	make hash symlinks
-	generate ca-certificates.crt (single-file version)
-
-/etc/ssl/certs/ca-certificates.crt will be used by many of the web browsers
-in Debian, including mozilla, when deciding what secure web sites to trust.
-
-For w3m package, it has ssl_ca_path configuration in /etc/w3m/w3mconfig,
-so it works without any configuration.  You can specify 
-/etc/ssl/certs/ca-certificates.crt for ssl_ca_file instead.
-
-
-How certificate will be accepted in ca-certificates package
------------------------------------------------------------
-
- - submit *GPG signed* bug report to ca-certificate with severity normal.
-   the bug report should include
-     - description of the CA
-     - how to obtain CA cert pem or paste it in the bug report
-     - license of the CA certificate
-     - fingerprint and/or hash value of the cert
- - get 2 or 3 recommendation ("seconded" mail) from other people to 
-   the bug report, GPG signed.
-   I won't accept if the CA is requested by only one people.
-   
- -- ukai <ukai@debian.or.jp>, Wed May 18 01:24:57 2005
+This package includes PEM files of CA certificates to allow SSL-based
+applications to check for the authenticity of SSL connections.
+
+Please note that we can neither confirm nor deny whether the certificate
+authorities whose certificates are included in this package have in
+any way been audited for trustworthiness or RFC 3647 compliance.  Full
+responsibility to assess them belongs to the local system
+administrator.
+
+The CA certificates contained in this package are installed into
+â/usr/share/ca-certificatesâ.
+
+The configuration file â/etc/ca-certificates.confâ is seeded with
+trust information through Debconf.  Just call âdpkg-reconfigure
+ca-certificatesâ to adjust the settings.
+
+âupdate-ca-certificatesâ will then update â/etc/ssl/certsâ which may be
+used by the web browsers in Debian.  It will also generate the hash
+symlinks and generate a single-file version in
+â/etc/ssl/certs/ca-certificates.crtâ.
+
+If you want to install local certificate authorities to be implicitly
+trusted, please put the certificate files as single files ending with
+â.crtâ into â/usr/local/share/ca-certificatesâ and re-run
+âupdate-ca-certificatesâ.  If you want to prepare a local package
+of your certificates, you should depend on âca-certificatesâ, install
+the PEM files into â/usr/local/share/ca-certificatesâ as above and call
+âupdate-ca-certificatesâ in the package's âpostinstâ.
+
+How certificates will be accepted into the ca-certificates package
+------------------------------------------------------------------
+
+ Option 1:
+ - File a *GPG-signed* bug report against ca-certificates with
+   *severity normal*.  The bug report must include an attached
+   copy of the PEM certificates of the CA, a link to and a
+   description of the CA, the licence of the CA certificate
+   and signed fingerprint and/or hash values of the certificate.
+ - Get two or three recommendations from other people to the
+   bug report, GPG-signed (preferably from the strong set).
+ - CA certificates will not be accepted if requested by only
+   one person.
+
+ Option 2:
+ - Get it included into Mozilla's trust store.
+ - File a bug against ca-certificates stating this fact.
+