X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=debian%2FREADME.Debian;h=a27197d3b787667cf6b70f0410be72ab73af4292;hb=58e3ee962937a3c14cdf78a3ceb3228eafc78d4a;hp=f9898084aa84ebd7237d37bc0125d0a31192d1e2;hpb=13c290277241bd3ce081d4b5c48a1618d0770b61;p=ca-certificates.git

diff --git a/debian/README.Debian b/debian/README.Debian
index f989808..a27197d 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,42 +1,58 @@
-The Debian Package ca-certificates
+The Debian Package âca-certificatesâ
 ----------------------------------
 
-Common CA certificates PEM files, installed in /usr/share/ca-certificates/
-
-It includes the following certificates:
- - spi-inc.org certificate
- - db.debian.org certificate
- - Mozilla builtin CA certificates
- - brasil.gov.br certificate
- - cacert.org certificate
-
-configuration file:
- /etc/ca-certificates.conf
-	- managed by debconf
-   # dpkg-reconfigure ca-certificates
-
- update-ca-certificates will update /etc/ssl/certs
-	make hash symlinks
-	generate ca-certificates.crt (single-file version)
-
-/etc/ssl/certs/ca-certificates.crt may be used by the web browsers
-in Debian, such as w3m, when deciding what secure web sites to trust.
-For w3m package, it has ssl_ca_path configuration in /etc/w3m/w3mconfig,
-so it works without any configuration.  You can specify 
-/etc/ssl/certs/ca-certificates.crt for ssl_ca_file instead.
-
-
-How certificate will be accepted in ca-certificates package
------------------------------------------------------------
-
- - submit *GPG signed* bug report to ca-certificate with severity normal.
-   the bug report should include
-     - description of the CA
-     - how to obtain CA cert pem or paste it in the bug report
-     - license of the CA certificate
-     - fingerprint and/or hash value of the cert
- - get 2 or 3 recommendation ("seconded" mail) from other people to 
-   the bug report, GPG signed.
-   I won't accept if the CA is requested by only one people.
-   
- -- Fumitoshi UKAI <ukai@debian.or.jp>, Thu, 17 Aug 2006 13:27:55 +0900
+This package includes PEM files of CA certificates to allow SSL-based
+applications to check for the authenticity of SSL connections.
+
+Please note that Debian can neither confirm nor deny whether the
+certificate authorities whose certificates are included in this package
+have in any way been audited for trustworthiness or RFC 3647 compliance.
+Full responsibility to assess them belongs to the local system
+administrator.
+
+The CA certificates contained in this package are installed into
+â/usr/share/ca-certificatesâ.
+
+The configuration file â/etc/ca-certificates.confâ is seeded with
+trust information through Debconf.  Just call âdpkg-reconfigure
+ca-certificatesâ to adjust the settings.
+
+âupdate-ca-certificatesâ will then update â/etc/ssl/certsâ which may be
+used by the web browsers in Debian.  It will also generate the hash
+symlinks and generate a single-file version in
+â/etc/ssl/certs/ca-certificates.crtâ.
+
+If you want to install local certificate authorities to be implicitly
+trusted, please put the certificate files as single files ending with
+â.crtâ into â/usr/local/share/ca-certificatesâ and re-run
+âupdate-ca-certificatesâ.  If you want to prepare a local package
+of your certificates, you should depend on âca-certificatesâ, install
+the PEM files into â/usr/local/share/ca-certificatesâ as above and call
+âupdate-ca-certificatesâ in the package's âpostinstâ.
+
+How certificates will be accepted into the ca-certificates package
+------------------------------------------------------------------
+
+**** Notice! ****
+ Option 1, listed below, is deprecated.  Please, see Debian bug report
+ #647848 for discussion on establishing a new Debian CA Certificate
+ Policy for CA inclusion, maintenance, and enforcement in Debian
+ ca-certificates.  Option 2, below, is the only current method.
+ - http://bugs.debian.org/647848
+*****************
+
+ Option 1:
+ - File a *GPG-signed* bug report against ca-certificates with
+   *severity normal*.  The bug report must include an attached
+   copy of the PEM certificates of the CA, a link to and a
+   description of the CA, the licence of the CA certificate
+   and signed fingerprint and/or hash values of the certificate.
+ - Get two or three recommendations from other people to the
+   bug report, GPG-signed (preferably from the strong set).
+ - CA certificates will not be accepted if requested by only
+   one person.
+
+ Option 2:
+ - Get it included into Mozilla's trust store.
+ - File a bug against ca-certificates stating this fact.
+