[ca-certificates.git] / debian / NEWS

ca-certificates (20121103) UNRELEASED; urgency=low

  Update mozilla/certdata.txt to version 1.85
    Certificates added (+) (none removed):
    + "Actalis Authentication Root CA"
    + "Trustis FPS Root CA"
    + "StartCom Certification Authority" (renewal/rehash)
    + "StartCom Certification Authority G2"
    + "Buypass Class 2 Root CA"
    + "Buypass Class 3 Root CA"
  Remove CAcert CA certificates due to non-free license

 -- Michael Shuler <michael@pbandjelly.org>  Sat, 03 Nov 2012 15:48:32 -0500

ca-certificates (20120212) unstable; urgency=low

  Update mozilla/certdata.txt to version 1.81
    Certificates added (+) and removed (-):
    + "Security Communication RootCA2"
    + "EC-ACC"
    + "Hellenic Academic and Research Institutions RootCA 2011"
    - "Verisign Class 2 Public Primary Certification Authority"
    - "Verisign Class 4 Public Primary Certification Authority - G2"
    - "TC TrustCenter, Germany, Class 2 CA"
    - "TC TrustCenter, Germany, Class 3 CA"

 -- Michael Shuler <michael@pbandjelly.org>  Sun, 12 Feb 2012 15:12:59 -0600

ca-certificates (20111211) unstable; urgency=low

  Remove French Government IGC/A CA certificates. The RSA certificate is
    included in the Mozilla bundle and the DSA certificate is not in use.
  Remove expired signet.pl CAs.
  Remove expired brasil.gov.br CA.

 -- Michael Shuler <michael@pbandjelly.org>  Sun, 11 Dec 2011 19:05:32 -0600

ca-certificates (20111025) unstable; urgency=low

  Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
    Certificates added (+) and removed (-):
    + "AffirmTrust Commercial"
    + "AffirmTrust Networking"
    + "AffirmTrust Premium"
    + "AffirmTrust Premium ECC"
    + "A-Trust-nQual-03"
    + "Certinomis - Autorité Racine"
    + "Certum Trusted Network CA"
    + "Go Daddy Root Certificate Authority - G2"
    + "Root CA Generalitat Valenciana"
    + "Starfield Root Certificate Authority - G2"
    + "Starfield Services Root Certificate Authority - G2"
    + "TWCA Root Certification Authority"
    - "AOL Time Warner Root Certification Authority 1"
    - "AOL Time Warner Root Certification Authority 2"
    - "DigiNotar Root CA"
    - "Entrust.net Global Secure Personal CA"
    - "Entrust.net Global Secure Server CA"
    - "Entrust.net Secure Personal CA"
    - "IPS Chained CAs root"
    - "IPS CLASE1 root"
    - "IPS CLASE3 root"
    - "IPS CLASEA1 root"
    - "IPS CLASEA3 root"
    - "IPS Timestamping root"
    - "Thawte Personal Freemail CA"
    - "Thawte Time Stamping CA"
  Update CAcert-Class 3-Subroot-certificate  Closes: #630232

 -- Michael Shuler <michael@pbandjelly.org>  Sun, 23 Oct 2011 23:16:57 -0500

ca-certificates (20090708) unstable; urgency=low

  * Removed CA files:
    - cacert.org/root.crt and cacert.org/class3.crt:
      Both certificate files were deprecated with 20080809.  Users of these
      root certificates are encouraged to switch to
      `cacert.org/cacert.org.crt' which contains both class 1 and class 3
      roots joined in a single file.
    - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
      This certificate has been added into the Mozilla truststore and
      is available as `mozilla/QuoVadis_Root_CA.crt'.

 -- Philipp Kern <pkern@debian.org>  Wed, 08 Jul 2009 23:19:56 +0200

ca-certificates (20090701) unstable; urgency=low

  * Readded Equifax Secure Global eBusiness CA.

 -- Philipp Kern <pkern@debian.org>  Wed, 01 Jul 2009 14:47:02 +0200

ca-certificates (20090624) unstable; urgency=low

  * This update eases the installation of local certification authorities
    by providing a canonical location in `/usr/local/share/ca-certificates'.
    All certificates found in this directory will automatically be included
    into the list of trusted certificates.  For details please see
    `/usr/share/doc/ca-certificates/README.Debian'.
  * New CA certificates:
    - COMODO ECC Certification Authority
    - DigiNotar Root CA
    - Network Solutions Certificate Authority
    - WellsSecure Public Root Certificate Authority
  * Removed CA certificates:
    - Equifax Secure Global eBusiness CA
    - UTN USERFirst Object Root CA

 -- Philipp Kern <pkern@debian.org>  Wed, 24 Jun 2009 21:04:45 +0200

ca-certificates (20080809) unstable; urgency=low

  * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
    This file can be used for proper certificate chaining if CACert
    server certificates are used.  The old class3.pem and root.pem
    certificates are deprecated.  This new file could safely serve as
    a replacement for both.

 -- Philipp Kern <pkern@debian.org>  Sat, 09 Aug 2008 14:58:24 -0300

ca-certificates (20080617) unstable; urgency=low

  * New CA certificates:
    - gouv.fr: added French Government's IGC/A CA
    - spi-inc.org: added new SPI CA certificate, created in reponse to
      the infamous OpenSSL security update (already in 20080514)
  * Removed CA certificates:
    - spi-inc.org: removed old, still valid but possibly compromised
      SPI CA certificates from 2006 and 2007 (already in 20080514)

 -- Philipp Kern <pkern@debian.org>  Fri, 20 Jun 2008 10:05:49 +0200

ca-certificates (20080411) unstable; urgency=low

  * New CA certificates:
    - spi-inc.org: current SPI CA certificate
    - telesec.de: added Deutsche Telekom Root CA 2
    - mozilla:
      + Camerfirma Chambers of Commerce Root
      + Camerfirma Global Chambersign Root
      + Certplus Class 2 Primary CA
      + COMODO Certification Authority
      + DigiCert Assured ID Root CA
      + DigiCert Global Root CA
      + DigiCert High Assurance EV Root CA
      + DST ACES CA X6
      + DST Root CA X3
      + Entrust Root Certification Authority
      + Firmaprofesional Root CA
      + GeoTrust Global CA 2
      + GeoTrust Primary Certification Authority
      + GeoTrust Universal CA
      + GeoTrust Universal CA 2
      + GlobalSign Root CA - R2
      + Go Daddy Class 2 CA
      + NetLock Business (Class B) Root
      + NetLock Express (Class C) Root
      + NetLock Notary (Class A) Root
      + NetLock Qualified (Class QA) Root
      + QuoVadis Root CA 2
      + QuoVadis Root CA 3
      + Secure Global CA
      + SecureTrust CA
      + Starfield Class 2 CA
      + StartCom Certification Authority
      + StartCom Ltd.
      + Swisscom Root CA 1
      + SwissSign Gold CA - G2
      + SwissSign Platinum CA - G2
      + SwissSign Silver CA - G2
      + Taiwan GRCA
      + thawte Primary Root CA
      + TURKTRUST Certificate Services Provider Root 1
      + TURKTRUST Certificate Services Provider Root 2
      + VeriSign Class 3 Public Primary Certification Authority - G5
      + Wells Fargo Root CA
      + XRamp Global CA Root
  * Removed CA certificates:
    - mozilla:
      + Verisign Class 1 Public Primary OCSP Responder
      + Verisign Class 2 Public Primary OCSP Responder
      + Verisign Class 3 Public Primary OCSP Responder
      + Verisign Secure Server OCSP Responder

 -- Philipp Kern <pkern@debian.org>  Mon, 07 Apr 2008 18:00:06 +0200

ca-certificates (20070303) unstable; urgency=low

  * New CA certificates:
    - debconf.org: DebConf
    - cacert.org: add class3

 -- Fumitoshi UKAI <ukai@debian.or.jp>  Sat,  3 Mar 2007 21:21:50 -0800

ca-certificates (20040808) unstable; urgency=low

  * New CA certificates:
   - brasil.gov.gr: Autoridade Certificadora Raiz Brasileira
   - signet.pl: Certification Center Signet (CC Signet)
   - quovadis.bm: QuoVadis CA certificates
  * Remove CA certificates:
   - debian.org: revoked due to crack incident.

 -- Fumitoshi UKAI <ukai@debian.or.jp>  Sun,  8 Aug 2004 22:43:36 +0900