summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/README.Debian56
-rw-r--r--debian/README.source30
-rw-r--r--debian/ca-certificates-udeb.links1
-rw-r--r--debian/ca-certificates.dirs4
-rw-r--r--debian/ca-certificates.examples1
-rw-r--r--debian/ca-certificates.install2
-rw-r--r--debian/ca-certificates.manpages1
-rw-r--r--debian/ca-certificates.postinst187
-rw-r--r--debian/ca-certificates.postrm65
-rw-r--r--debian/ca-certificates.triggers2
-rw-r--r--debian/changelog1440
-rw-r--r--debian/clean1
-rw-r--r--debian/config163
-rw-r--r--debian/control39
-rw-r--r--debian/copyright414
-rw-r--r--debian/gbp.conf2
-rw-r--r--debian/po/POTFILES.in1
-rw-r--r--debian/po/ca.po143
-rw-r--r--debian/po/cs.po126
-rw-r--r--debian/po/da.po119
-rw-r--r--debian/po/de.po144
-rw-r--r--debian/po/es.po168
-rw-r--r--debian/po/eu.po125
-rw-r--r--debian/po/fi.po137
-rw-r--r--debian/po/fr.po128
-rw-r--r--debian/po/gl.po129
-rw-r--r--debian/po/id.po119
-rw-r--r--debian/po/it.po123
-rw-r--r--debian/po/ja.po125
-rw-r--r--debian/po/nl.po121
-rw-r--r--debian/po/pl.po119
-rw-r--r--debian/po/pt.po141
-rw-r--r--debian/po/pt_BR.po144
-rw-r--r--debian/po/ru.po129
-rw-r--r--debian/po/sk.po121
-rw-r--r--debian/po/sv.po143
-rw-r--r--debian/po/templates.pot103
-rw-r--r--debian/po/tr.po96
-rw-r--r--debian/po/vi.po127
-rwxr-xr-xdebian/rules25
-rw-r--r--debian/source/format1
-rw-r--r--debian/templates43
42 files changed, 5308 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..397d649
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,56 @@
+The Debian Package ca-certificates
+----------------------------------
+
+This package includes PEM files of CA certificates to allow SSL-based
+applications to check for the authenticity of SSL connections.
+
+Please note that Debian can neither confirm nor deny whether the
+certificate authorities whose certificates are included in this package
+have in any way been audited for trustworthiness or RFC 3647 compliance.
+Full responsibility to assess them belongs to the local system
+administrator.
+
+The CA certificates contained in this package are installed into
+/usr/share/ca-certificates/.
+
+The configuration file /etc/ca-certificates.conf is seeded with
+trust information through Debconf. Just call 'dpkg-reconfigure
+ca-certificates' to adjust the settings to trust or disable the installed
+certificate authorities. By default, all installed certificate authorities
+are configured to be trusted.
+
+'update-ca-certificates' will then update /etc/ssl/certs/ which may be
+used by various software in Debian. It will also generate the hash
+symlinks and generate a single-file version in
+/etc/ssl/certs/ca-certificates.crt. Some web browsers, email clients,
+and other software that use SSL maintain their own CA trust database and
+may not use the trusted CA certificates in this package. Those packages
+that *do* use ca-certificates should depend on this package. Users can
+see reverse dependencies with 'apt-cache showpkg ca-certificates'.
+
+How to install local CA certificates
+------------------------------------------------------------------
+
+If you want to install local certificate authorities to be implicitly
+trusted, please put the certificate files as single files ending with
+".crt" into /usr/local/share/ca-certificates/ and re-run
+'update-ca-certificates'. If you remove local certificates from
+/usr/local/share/ca-certificates/, you can remove symlinks by running
+'update-ca-certificates --fresh'. If you want to prepare a local
+package of your certificates, you should depend on ca-certificates,
+install the PEM files into /usr/local/share/ca-certificates/ as above
+and call 'update-ca-certificates' in the package's postinst, and should
+call 'update-ca-certificates --fresh' in the package's postrm.
+
+An example source package for building a local CA certificate package,
+using ca-certificates (>= 20130119) (since it uses triggers) can be
+found in /usr/share/doc/ca-certificates/examples/ca-certificates-local/.
+The README file in the above directory has step-by-step instructions for
+building a local CA certificate package.
+
+How certificates will be accepted into the ca-certificates package
+------------------------------------------------------------------
+
+ - Get it included in the Mozilla CA Certificate Store.
+ https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
+
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..94c20f0
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,30 @@
+Mozilla switched to mercurial in 2013 and certdata.txt no longer contains
+the CVS version number. CVS version 1.87 was equivalent to hg version 1.93.
+The upstream version number can now be found in the file nssckbi.h in the
+same directory - #define NSS_BUILTINS_LIBRARY_VERSION "1.94"
+
+----
+
+Upstream Sources - release branch:
+
+ Full repository clone for latest release (~2GB):
+ hg clone https://hg.mozilla.org/releases/mozilla-release
+
+ mozilla/certdata.txt:
+ https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
+
+ mozilla/nssckbi.h:
+ https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
+
+----
+
+Upstream Sources - development branch (may not be released):
+
+ Full repository clone for development tip:
+ hg clone https://hg.mozilla.org/projects/nss
+
+ mozilla/certdata.txt:
+ https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
+
+ mozilla/nssckbi.h:
+ https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
diff --git a/debian/ca-certificates-udeb.links b/debian/ca-certificates-udeb.links
new file mode 100644
index 0000000..51bf8d3
--- /dev/null
+++ b/debian/ca-certificates-udeb.links
@@ -0,0 +1 @@
+etc/ssl/certs usr/lib/ssl/certs
diff --git a/debian/ca-certificates.dirs b/debian/ca-certificates.dirs
new file mode 100644
index 0000000..b64bbd3
--- /dev/null
+++ b/debian/ca-certificates.dirs
@@ -0,0 +1,4 @@
+etc/ssl/certs
+usr/sbin
+usr/share/ca-certificates/
+etc/ca-certificates/update.d
diff --git a/debian/ca-certificates.examples b/debian/ca-certificates.examples
new file mode 100644
index 0000000..fc85479
--- /dev/null
+++ b/debian/ca-certificates.examples
@@ -0,0 +1 @@
+examples/ca-certificates-local
diff --git a/debian/ca-certificates.install b/debian/ca-certificates.install
new file mode 100644
index 0000000..9cff2f9
--- /dev/null
+++ b/debian/ca-certificates.install
@@ -0,0 +1,2 @@
+usr/sbin/
+usr/share/ca-certificates/
diff --git a/debian/ca-certificates.manpages b/debian/ca-certificates.manpages
new file mode 100644
index 0000000..aba2173
--- /dev/null
+++ b/debian/ca-certificates.manpages
@@ -0,0 +1 @@
+sbin/update-ca-certificates.8
diff --git a/debian/ca-certificates.postinst b/debian/ca-certificates.postinst
new file mode 100644
index 0000000..68501cf
--- /dev/null
+++ b/debian/ca-certificates.postinst
@@ -0,0 +1,187 @@
+#! /bin/sh
+# postinst script for ca-certificates
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see /usr/share/doc/packaging-manual/
+#
+# quoting from the policy:
+# Any necessary prompting should almost always be confined to the
+# post-installation script, and should be protected with a conditional
+# so that unnecessary prompting doesn't happen if a package's
+# installation fails and the `postinst' is called with `abort-upgrade',
+# `abort-remove' or `abort-deconfigure'.
+
+set -e
+
+each_value() {
+ echo "$1" |tr ',' '\n' | sed -e 's/^[[:space:]]*//'
+}
+
+memberp() {
+ m="$1"
+ l="$2"
+ each_value "$l" | grep -q "^$m\$"
+}
+
+delca() {
+ m="$1"
+ l="$2"
+ echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
+}
+
+case "$1" in
+ configure)
+ if [ ! -e /usr/local/share/ca-certificates ]; then
+ if mkdir -m $(stat -L -c %a /usr/local) /usr/local/share/ca-certificates 2>/dev/null; then
+ chgrp $(stat -L -c %g /usr/local) /usr/local/share/ca-certificates
+ fi
+ # Handle upgrades and allow local admin to override:
+ # e.g. dpkg-statoverride --add root staff 2775 /usr/local/share/ca-certificates
+ elif ! dpkg-statoverride --list /usr/local/share/ca-certificates >/dev/null; then
+ chmod $(stat -L -c %a /usr/local) /usr/local/share/ca-certificates || true
+ chown $(stat -L -c %u /usr/local):$(stat -L -c %g /usr/local) /usr/local/share/ca-certificates || true
+ fi
+
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+ db_capb multiselect
+ db_metaget ca-certificates/enable_crts choices
+ CERTS_AVAILABLE="$RET"
+ db_get ca-certificates/enable_crts
+ CERTS_ENABLED="$RET"
+ # XXX unmark seen for next configuration
+ db_fset ca-certificates/new_crts seen false
+ db_stop || true
+ if test -f /etc/ca-certificates.conf; then
+ # XXX: while in subshell?
+ while read line
+ do
+ if echo "$line" | grep -q '^#'; then
+ echo "$line"
+ else
+ case "$line" in
+ !*) ca=$(echo "$line" | sed -e 's/^!//');;
+ *) ca="$line";;
+ esac
+ if memberp "$ca" "$CERTS_ENABLED"; then
+ echo "$ca"
+ # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
+ elif memberp "$ca" "$CERTS_AVAILABLE" ||
+ echo "$line" | grep -q '^!'; then
+ echo "!$ca"
+ elif [ -f /usr/share/ca-certificates/"$ca" ] || \
+ [ -f /usr/local/share/ca-certificates/"$ca" ]; then
+ echo "$ca"
+ else
+ echo "!$ca"
+ fi
+ # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
+ fi
+ done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
+ if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
+ :
+ else
+ each_value "$CERTS_ENABLED" | while read ca
+ do
+ if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
+ :
+ else
+ echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
+ fi
+ done
+ fi
+ each_value "$CERTS_AVAILABLE" | while read ca
+ do
+ if memberp "$ca" "$CERTS_ENABLED"; then
+ :
+ elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
+ :
+ else
+ echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
+ fi
+ done
+ if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
+ rm -f /etc/ca-certificates.conf.dpkg-new
+ else
+ mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
+ mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
+ fi
+ else
+ # new file
+ cat > /etc/ca-certificates.conf <<EOF
+# This file lists certificates that you wish to use or to ignore to be
+# installed in /etc/ssl/certs.
+# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
+#
+# This is autogenerated by dpkg-reconfigure ca-certificates.
+# Certificates should be installed under /usr/share/ca-certificates
+# and files with extension '.crt' is recognized as available certs.
+#
+# line begins with # is comment.
+# line begins with ! is certificate filename to be deselected.
+#
+EOF
+ (echo $CERTS_ENABLED | tr ',' '\n'; \
+ echo $CERTS_AVAILABLE | tr ',' '\n') | \
+ sed -e 's/^[[:space:]]*//' | \
+ sort | uniq -c | \
+ sed -e 's/^[[:space:]]*2[[:space:]]*//' \
+ -e 's/^[[:space:]]*1[[:space:]]*/!/' \
+ >> /etc/ca-certificates.conf
+ fi
+ # update /etc/ssl/certs without running the hooks
+ # fix bogus symlink to ca-certificates.crt on upgrades; see
+ # Debian #643667; drop after wheezy
+ if dpkg --compare-versions "$2" lt-nl 20111025; then
+ update-ca-certificates --hooksdir "" --fresh
+ else
+ update-ca-certificates --hooksdir ""
+ fi
+ # deferred update of /etc/ssl/certs including running the hooks
+ dpkg-trigger --no-await update-ca-certificates
+ ;;
+
+ triggered)
+ for trigger in $2; do
+ case "$trigger" in
+ update-ca-certificates)
+ update-ca-certificates
+ ;;
+ update-ca-certificates-fresh)
+ update-ca-certificates --fresh
+ ;;
+ *)
+ echo "postinst called with unknown trigger \`$2'">&2
+ exit 1
+ ;;
+ esac;
+ done;
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
diff --git a/debian/ca-certificates.postrm b/debian/ca-certificates.postrm
new file mode 100644
index 0000000..11759fe
--- /dev/null
+++ b/debian/ca-certificates.postrm
@@ -0,0 +1,65 @@
+#! /bin/sh
+# postrm script for ca-certificates
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see /usr/share/doc/packaging-manual/
+
+# Clear the debconf database as early as possible and signal debconf that
+# we are done with it.
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+ db_stop
+fi
+
+remove_dangling_symlinks() {
+ if ! [ -d /etc/ssl/certs ]
+ then
+ return
+ fi
+ echo -n "Removing dangling symlinks from /etc/ssl/certs... "
+ find /etc/ssl/certs -type l -print | while read h
+ do
+ test -f "$h" || rm -f "$h"
+ done
+ echo "done."
+}
+
+case "$1" in
+ remove)
+ remove_dangling_symlinks
+ rmdir /usr/local/share/ca-certificates 2>/dev/null || true
+ ;;
+
+ purge)
+ rm -f /etc/ssl/certs/ca-certificates.crt
+ remove_dangling_symlinks
+ rm -f /etc/ca-certificates.conf*
+ ;;
+
+ upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+
diff --git a/debian/ca-certificates.triggers b/debian/ca-certificates.triggers
new file mode 100644
index 0000000..845da6e
--- /dev/null
+++ b/debian/ca-certificates.triggers
@@ -0,0 +1,2 @@
+interest update-ca-certificates
+interest update-ca-certificates-fresh
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..764b3f0
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,1440 @@
+ca-certificates (20240203) unstable; urgency=medium
+
+ [ Jeffrey Walton ]
+ * update-ca-certificates man page updates
+ * fix shellcheck warnings (closes: #1058658, #981663)
+
+ [ Gioele Barabucci ]
+ * Use standard dh sequence (closes: #1050112)
+
+ [ Julien Cristau ]
+ * Update Mozilla certificate authority bundle to version 2.64
+ The following certificate authorities were added (+):
+ + Atos TrustedRoot Root CA ECC TLS 2021
+ + Atos TrustedRoot Root CA RSA TLS 2021
+ + BJCA Global Root CA1
+ + BJCA Global Root CA2
+ + CommScope Public Trust ECC Root-01
+ + CommScope Public Trust ECC Root-02
+ + CommScope Public Trust RSA Root-01
+ + CommScope Public Trust RSA Root-02
+ + Sectigo Public Server Authentication Root E46
+ + Sectigo Public Server Authentication Root R46
+ + SSL.com TLS ECC Root CA 2022
+ + SSL.com TLS RSA Root CA 2022
+ + TrustAsia Global Root CA G3
+ + TrustAsia Global Root CA G4
+ The following certificate authorities were removed (-):
+ - Autoridad de Certificacion Firmaprofesional CIF A62634068
+ - E-Tugra Certification Authority (closes: #1032916)
+ - E-Tugra Global Root CA ECC v3
+ - E-Tugra Global Root CA RSA v3
+ - Hongkong Post Root CA 1
+ - TrustCor ECA-1
+ - TrustCor RootCert CA-1
+ - TrustCor RootCert CA-2 (closes: #1023945)
+
+ -- Julien Cristau <jcristau@debian.org> Sun, 04 Feb 2024 10:41:43 +0100
+
+ca-certificates (20230311) unstable; urgency=medium
+
+ [ Đoàn Trần Công Danh ]
+ * ca-certificates: compat with non-GNU mktemp (closes: #1000847)
+
+ [ Ilya Lipnitskiy ]
+ * certdata2pem.py: use UTC time when checking cert validity
+
+ [ Julien Cristau ]
+ * Update Mozilla certificate authority bundle to version 2.60
+ The following certificate authorities were added (+):
+ + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+ + "Certainly Root E1"
+ + "Certainly Root R1"
+ + "D-TRUST BR Root CA 1 2020"
+ + "D-TRUST EV Root CA 1 2020"
+ + "DigiCert TLS ECC P384 Root G5"
+ + "DigiCert TLS RSA4096 Root G5"
+ + "E-Tugra Global Root CA ECC v3"
+ + "E-Tugra Global Root CA RSA v3"
+ + "HARICA TLS ECC Root CA 2021"
+ + "HARICA TLS RSA Root CA 2021"
+ + "HiPKI Root CA - G1"
+ + "ISRG Root X2"
+ + "Security Communication ECC RootCA1"
+ + "Security Communication RootCA3"
+ + "Telia Root CA v2"
+ + "TunTrust Root CA"
+ + "vTrus ECC Root CA"
+ + "vTrus Root CA"
+ The following certificate authorities were removed (-):
+ - "Cybertrust Global Root" (expired)
+ - "EC-ACC"
+ - "GlobalSign Root CA - R2" (expired)
+ - "Hellenic Academic and Research Institutions RootCA 2011"
+ - "Network Solutions Certificate Authority"
+ - "Staat der Nederlanden EV Root CA" (expired)
+ * Drop trailing space from debconf template causing misformatting
+ (closes: #980821)
+
+ [ Wataru Ashihara ]
+ * Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
+
+ -- Julien Cristau <jcristau@debian.org> Sat, 11 Mar 2023 09:47:05 +0100
+
+ca-certificates (20211016) unstable; urgency=low
+
+ [ Michael Shuler ]
+ * Fix error on install when TEMPBUNDLE missing. Closes: #996005
+
+ -- Julien Cristau <jcristau@debian.org> Sat, 16 Oct 2021 18:09:43 +0200
+
+ca-certificates (20211004) unstable; urgency=low
+
+ [ Debian Janitor ]
+ * Fix day-of-week for changelog entry 20090624.
+
+ [ Julien Cristau ]
+ * Create temporary ca-certificates.crt on the same file system.
+ Closes: #923784
+ * Don't remove ca-certificates.crt before updating it, so it doesn't
+ go missing for a short while (closes: #920348). Thanks, Dimitris
+ Aragiorgis!
+ * Bump package priority from optional to standard.
+ * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
+ bundle to version 2.50
+ The following certificate authorities were added (+):
+ + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+ + "GlobalSign Root R46"
+ + "GlobalSign Root E46"
+ + "GLOBALTRUST 2020"
+ + "ANF Secure Server Root CA"
+ + "Certum EC-384 CA"
+ + "Certum Trusted Root CA"
+ The following certificate authorities were removed (-):
+ - "QuoVadis Root CA"
+ - "Sonera Class 2 Root CA"
+ - "GeoTrust Primary Certification Authority - G2"
+ - "VeriSign Universal Root Certification Authority"
+ - "Chambers of Commerce Root - 2008"
+ - "Global Chambersign Root - 2008"
+ - "Trustis FPS Root CA"
+ - "Staat der Nederlanden Root CA - G3"
+ * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
+ * mozilla/certdata2pem.py: print a warning for expired certificates.
+
+ -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
+
+ca-certificates (20210119) unstable; urgency=medium
+
+ [ Julien Cristau ]
+ * New maintainer (closes: #976406)
+ * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
+ bundle to version 2.46.
+ The following certificate authorities were added (+):
+ + "certSIGN ROOT CA G2"
+ + "e-Szigno Root CA 2017"
+ + "Microsoft ECC Root Certificate Authority 2017"
+ + "Microsoft RSA Root Certificate Authority 2017"
+ + "NAVER Global Root Certification Authority"
+ + "Trustwave Global Certification Authority"
+ + "Trustwave Global ECC P256 Certification Authority"
+ + "Trustwave Global ECC P384 Certification Authority"
+ The following certificate authorities were removed (-):
+ - "EE Certification Centre Root CA"
+ - "GeoTrust Universal CA 2"
+ - "LuxTrust Global Root 2"
+ - "OISTE WISeKey Global Root GA CA"
+ - "Staat der Nederlanden Root CA - G2" (closes: #962079)
+ - "Taiwan GRCA"
+ - "Verisign Class 3 Public Primary Certification Authority - G3"
+
+ [ Michael Shuler ]
+ * mozilla/blacklist:
+ Revert Symantec CA blacklist (#911289). Closes: #962596
+ The following root certificates were added back (+):
+ + "GeoTrust Primary Certification Authority - G2"
+ + "VeriSign Universal Root Certification Authority"
+
+ [ Gianfranco Costamagna ]
+ * debian/{rules,control}:
+ Merge Ubuntu patch from Matthias Klose to use Python3 during build.
+ Closes: #942915
+
+ -- Julien Cristau <jcristau@debian.org> Tue, 19 Jan 2021 11:11:04 +0100
+
+ca-certificates (20200601) unstable; urgency=medium
+
+ * debian/control:
+ Set Standards-Version: 4.5.0.2
+ Set Build-Depends: debhelper-compat (= 13)
+ * debian/copyright:
+ Replace tabs in license text
+ * mozilla/{certdata.txt,nssckbi.h}:
+ Update Mozilla certificate authority bundle to version 2.40.
+ Closes: #956411, #955038
+ * mozilla/blacklist.txt
+ Add distrusted Symantec CA list to blacklist for explicit removal.
+ Closes: #911289
+ Blacklist expired root certificate, "AddTrust External Root"
+ Closes: #961907
+ The following certificate authorities were added (+):
+ + "Certigna Root CA"
+ + "emSign ECC Root CA - C3"
+ + "emSign ECC Root CA - G3"
+ + "emSign Root CA - C1"
+ + "emSign Root CA - G1"
+ + "Entrust Root Certification Authority - G4"
+ + "GTS Root R1"
+ + "GTS Root R2"
+ + "GTS Root R3"
+ + "GTS Root R4"
+ + "Hongkong Post Root CA 3"
+ + "UCA Extended Validation Root"
+ + "UCA Global G2 Root"
+ The following certificate authorities were removed (-):
+ - "AddTrust External Root"
+ - "Certinomis - Root CA"
+ - "Certplus Class 2 Primary CA"
+ - "Deutsche Telekom Root CA 2"
+ - "GeoTrust Global CA"
+ - "GeoTrust Primary Certification Authority"
+ - "GeoTrust Primary Certification Authority - G2"
+ - "GeoTrust Primary Certification Authority - G3"
+ - "GeoTrust Universal CA"
+ - "thawte Primary Root CA"
+ - "thawte Primary Root CA - G2"
+ - "thawte Primary Root CA - G3"
+ - "VeriSign Class 3 Public Primary Certification Authority - G4"
+ - "VeriSign Class 3 Public Primary Certification Authority - G5"
+ - "VeriSign Universal Root Certification Authority"
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 01 Jun 2020 11:45:49 -0500
+
+ca-certificates (20190110) unstable; urgency=high
+
+ * debian/control:
+ Depend on openssl (>= 1.1.1).
+ Set Standards-Version: 4.3.0.1.
+ Set Build-Depends: debhelper-compat (= 12); drop d/compat
+ Remove trailing whitespace from d/changelog.
+ * debian/ca-certificates.postinst:
+ Fix permissions on /usr/local/share/ca-certificates when using symlinks.
+ Closes: #916833
+ * sbin/update-ca-certificates:
+ Remove orphan symlinks found in /etc/ssl/certs to prevent `openssl
+ rehash` from exiting with an error. Closes: #895482, #895473
+ This will also fix removal of user CA certificates from /usr/local without
+ needing to run --fresh. Closes: #911303
+ * mozilla/{certdata.txt,nssckbi.h}:
+ Update Mozilla certificate authority bundle to version 2.28.
+ The following certificate authorities were added (+):
+ + "GlobalSign Root CA - R6"
+ + "OISTE WISeKey Global Root GC CA"
+ The following certificate authorities were removed (-):
+ - "Certplus Root CA G1"
+ - "Certplus Root CA G2"
+ - "OpenTrust Root CA G1"
+ - "OpenTrust Root CA G2"
+ - "OpenTrust Root CA G3"
+ - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+ - "Visa eCommerce Root"
+
+ -- Michael Shuler <michael@pbandjelly.org> Thu, 10 Jan 2019 19:31:31 -0600
+
+ca-certificates (20180409) unstable; urgency=medium
+
+ [ Michael Shuler ]
+ * mozilla/{certdata.txt,nssckbi.h}:
+ Update Mozilla certificate authority bundle to version 2.22.
+ The following certificate authorities were added (+):
+ + "GDCA TrustAUTH R5 ROOT"
+ + "SSL.com EV Root Certification Authority ECC"
+ + "SSL.com EV Root Certification Authority RSA R2"
+ + "SSL.com Root Certification Authority ECC"
+ + "SSL.com Root Certification Authority RSA"
+ + "TrustCor ECA-1"
+ + "TrustCor RootCert CA-1"
+ + "TrustCor RootCert CA-2"
+ The following certificate authorities were removed (-):
+ - "ACEDICOM Root"
+ - "AddTrust Low-Value Services Root"
+ - "AddTrust Public Services Root"
+ - "AddTrust Qualified Certificates Root"
+ - "CA Disig Root R1"
+ - "CNNIC ROOT"
+ - "Camerfirma Chambers of Commerce Root"
+ - "Camerfirma Global Chambersign Root"
+ - "Certinomis - Autorité Racine"
+ - "Certum Root CA"
+ - "China Internet Network Information Center EV Certificates Root"
+ - "Comodo Secure Services root"
+ - "Comodo Trusted Services root"
+ - "DST ACES CA X6"
+ - "GeoTrust Global CA 2"
+ - "PSCProcert"
+ - "Security Communication EV RootCA1"
+ - "Swisscom Root CA 1"
+ - "Swisscom Root CA 2"
+ - "Swisscom Root EV CA 2"
+ - "TURKTRUST Certificate Services Provider Root 2007"
+ - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
+ - "UTN USERFirst Hardware Root CA"
+ * mozilla/blacklist.txt
+ Update blacklist to remove certificates no longer in certdata.txt and
+ explicitly ignore distrusted certificates.
+ * debian/copyright:
+ Fix lintian insecure-copyright-format-uri with https URL.
+ * debian/changelog:
+ Fix lintian file-contains-trailing-whitespace.
+ * debian/{compat,control}:
+ Set to debhelper compat 11.
+ * Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop
+ usage of `c_rehash` script. Closes: #895075
+
+ [ Thijs Kinkhorst ]
+ * Remove Christian Perrier from uploaders at his request (closes: #894070).
+ * Checked for policy 4.1.4, no changes.
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 09 Apr 2018 18:43:49 -0500
+
+ca-certificates (20170717) unstable; urgency=medium
+
+ * Update to Standards-Version: 4.0.1
+ * debian/ca-certificates.postinst:
+ Prevent postinst failure on read-only /usr/local. Closes: #843722
+ * mozilla/certdata2pem.py:
+ Remove email-only roots from mozilla trust store. Closes: #721976
+ * mozilla/{certdata.txt,nssckbi.h}:
+ Update Mozilla certificate authority bundle to version 2.14.
+ Closes: #858064
+ The following certificate authorities were added (+):
+ + "AC RAIZ FNMT-RCM"
+ + "Amazon Root CA 1"
+ + "Amazon Root CA 2"
+ + "Amazon Root CA 3"
+ + "Amazon Root CA 4"
+ + "D-TRUST Root CA 3 2013"
+ + "LuxTrust Global Root 2"
+ + "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+ The following certificate authorities were removed (-):
+ - "AC Raiz Certicamara S.A."
+ - "ApplicationCA - Japanese Government"
+ - "Buypass Class 2 CA 1"
+ - "ComSign CA"
+ - "EBG Elektronik Sertifika Hizmet Saglayicisi"
+ - "Equifax Secure CA"
+ - "Equifax Secure eBusiness CA 1"
+ - "Equifax Secure Global eBusiness CA"
+ - "IGC/A"
+ - "Juur-SK"
+ - "Microsec e-Szigno Root CA"
+ - "Root CA Generalitat Valenciana"
+ - "RSA Security 2048 v3"
+ - "S-TRUST Authentication and Encryption Root CA 2005 PN"
+ - "S-TRUST Universal Root CA"
+ - "SwissSign Platinum CA - G2"
+ - "TC TrustCenter Class 3 CA II"
+ - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+ - "UTN USERFirst Email Root CA"
+ - "Verisign Class 1 Public Primary Certification Authority"
+ - "Verisign Class 1 Public Primary Certification Authority - G3"
+ - "Verisign Class 2 Public Primary Certification Authority - G2"
+ - "Verisign Class 2 Public Primary Certification Authority - G3"
+ - "Verisign Class 3 Public Primary Certification Authority"
+ - "WellsSecure Public Root Certificate Authority"
+
+ -- Michael Shuler <michael@pbandjelly.org> Thu, 20 Jul 2017 00:18:08 -0500
+
+ca-certificates (20161130+nmu1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are
+ now untrusted by the major browser vendors. Closes: #858539
+
+ -- Chris Lamb <lamby@debian.org> Fri, 19 May 2017 16:53:16 +0200
+
+ca-certificates (20161130) unstable; urgency=medium
+
+ [ Philipp Kern ]
+ * Add ca-certificates udeb package. Closes: #845456
+
+ [ Michael Shuler ]
+ * debian/{compat,control}:
+ Update to compat level 10 and debhelper (>= 10)
+ Shorten package description.
+ * debian/po/id.po
+ Update Indonesian debconf translation file for build time line reorder
+
+ -- Michael Shuler <michael@pbandjelly.org> Wed, 30 Nov 2016 21:20:53 -0600
+
+ca-certificates (20161102) unstable; urgency=medium
+
+ [ Michael Shuler ]
+ * debian/control:
+ Update to Standards-Version: 3.9.8
+ Update to Vcs-Browser/Vcs-Git: https URLs
+ * mozilla/{certdata.txt,nssckbi.h}:
+ Update Mozilla certificate authority bundle to version 2.9.
+ Thanks for the initial 2.7 patch, Jonathan Wiltshire. Closes: #828845
+ The following certificate authorities were added (+):
+ + "Certplus Root CA G1"
+ + "Certplus Root CA G2"
+ + "Certum Trusted Network CA 2"
+ + "Hellenic Academic and Research Institutions ECC RootCA 2015"
+ + "Hellenic Academic and Research Institutions RootCA 2015"
+ + "ISRG Root X1"
+ + "OpenTrust Root CA G1"
+ + "OpenTrust Root CA G2"
+ + "OpenTrust Root CA G3"
+ + "SZAFIR ROOT CA2"
+ The following certificate authorities were removed (-):
+ - "CA Disig"
+ - "NetLock Business (Class B) Root"
+ - "NetLock Express (Class C) Root"
+ - "NetLock Notary (Class A) Root"
+ - "NetLock Qualified (Class QA) Root"
+ - "Sonera Class 1 Root CA"
+ - "Staat der Nederlanden Root CA"
+ - "Verisign Class 1 Public Primary Certification Authority - G2"
+ - "Verisign Class 3 Public Primary Certification Authority"
+ - "Verisign Class 3 Public Primary Certification Authority - G2"
+
+ [ Andreas Beckmann ]
+ * debian/postinst:
+ Run update-certificates without hooks to initially populate
+ /etc/ssl/certs. (The hooks are deferred to the noawait trigger.)
+ Closes: #825730
+
+ [ Izharul Haq ]
+ * debian/po/id.po:
+ Add Indonesian debconf translation. Thank you, Izharul! Closes: #835156
+
+ -- Michael Shuler <michael@pbandjelly.org> Wed, 02 Nov 2016 21:15:03 -0500
+
+ca-certificates (20160104) unstable; urgency=medium
+
+ * debian/rules:
+ Sort certificate list for reproducible builds. Closes: #808711
+ * mozilla/certdata2pem.py:
+ Drop old CK*_NETSCAPE trust flag checks
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 04 Jan 2016 11:08:26 -0600
+
+ca-certificates (20151214) unstable; urgency=medium
+
+ * Removed SPI CA. Closes: #796208
+ * debian/{compat,control}:
+ Updated d/compat to version 9 and updated Build-Depends.
+ * debian/postinst:
+ Handle /usr/local/share/ca-certificates permissions and ownership on
+ upgrade. Closes: #611501
+ * mozilla/certdata2pem.py:
+ Add Python 3 support to ca-certificates.
+ Thanks to Andrew Wilcox and Richard Ipsum for the patch! Closes: #789753
+ * sbin/update-ca-certificates:
+ Update local certificates directory when calling --fresh.
+ Thanks for the patch, Daniel Lutz! Closes: #783615
+ * mozilla/{certdata.txt,nssckbi.h}:
+ Update Mozilla certificate authority bundle to version 2.6.
+ The following certificate authorities were added (+):
+ + "CA WoSign ECC Root"
+ + "Certification Authority of WoSign G2"
+ + "Certinomis - Root CA"
+ + "OISTE WISeKey Global Root GB CA"
+ + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+ + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+ The following certificate authorities were removed (-):
+ - "A-Trust-nQual-03"
+ - "Buypass Class 3 CA 1"
+ - "ComSign Secured CA"
+ - "Digital Signature Trust Co. Global CA 1"
+ - "Digital Signature Trust Co. Global CA 3"
+ - "SG TRUST SERVICES RACINE"
+ - "TC TrustCenter Class 2 CA II"
+ - "TC TrustCenter Universal CA I"
+ - "TURKTRUST Certificate Services Provider Root 1"
+ - "TURKTRUST Certificate Services Provider Root 2"
+ - "UTN DATACorp SGC Root CA"
+ - "Verisign Class 4 Public Primary Certification Authority - G3"
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 14 Dec 2015 18:51:50 -0600
+
+ca-certificates (20150426) unstable; urgency=medium
+
+ * debian/postinst:
+ Set mode and group of /usr/local/share/ca-certificates based on current
+ /usr/local permissions and ownership. Closes: #611501
+ * sbin/update-ca-certificates:
+ Allow customisation of the paths used by update-ca-certificates.
+ Add an option to set the certs in a directory to the defaults.
+ Thanks for the patches, Paul Wise. Closes: #774059, #774201
+ Fix shellcheck warnings and a little indentation.
+ * sbin/update-ca-certificates.8:
+ Correct concatenated file name in man page from certificates.crt to
+ ca-certificates.crt. Closes: #782230
+ * mozilla/{certdata.txt,nssckbi.h}:
+ Update Mozilla certificate authority bundle to version 2.4.
+ The following certificate authorities were added (+):
+ + "CFCA EV ROOT"
+ + "COMODO RSA Certification Authority"
+ + "Entrust Root Certification Authority - EC1"
+ + "Entrust Root Certification Authority - G2"
+ + "GlobalSign ECC Root CA - R4"
+ + "GlobalSign ECC Root CA - R5"
+ + "IdenTrust Commercial Root CA 1"
+ + "IdenTrust Public Sector Root CA 1"
+ + "S-TRUST Universal Root CA"
+ + "Staat der Nederlanden EV Root CA"
+ + "Staat der Nederlanden Root CA - G3"
+ + "USERTrust ECC Certification Authority"
+ + "USERTrust RSA Certification Authority" Closes: #762709
+ The following certificate authorities were removed (-):
+ - "America Online Root Certification Authority 1"
+ - "America Online Root Certification Authority 2"
+ - "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
+ - "GTE CyberTrust Global Root"
+ - "Thawte Premium Server CA"
+ - "Thawte Server CA"
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 26 Apr 2015 10:37:48 -0500
+
+ca-certificates (20141019) unstable; urgency=medium
+
+ * debian/copyright:
+ Add coverage for all files reported by lintian
+ file-without-copyright-information warning.
+ * debian/source/lintian-overrides:
+ Add file-without-copyright-information override for SPI certificate file.
+ * sbin/update-ca-certificates:
+ Restore SELinux label after generating ca-certificates.crt file.
+ Thanks to Laurent Bigonville for the patch. Closes: #742957
+ Tidy indentation whitespace.
+ Thanks to Antonio Terceiro for the patch. Closes: #742663
+ * debian/control:
+ Update to Standards-Version: 3.9.6 (no other changes needed).
+ Update Vcs-Browser link to cgit URL.
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 19 Oct 2014 10:36:49 -0500
+
+ca-certificates (20140927) unstable; urgency=medium
+
+ * Update Mozilla certificate authority bundle to version 2.1.
+ The following certificate authorities were added (+):
+ + "DigiCert Assured ID Root G2"
+ + "DigiCert Assured ID Root G3"
+ + "DigiCert Global Root G2"
+ + "DigiCert Global Root G3"
+ + "DigiCert Trusted Root G4"
+ + "QuoVadis Root CA 1 G3"
+ + "QuoVadis Root CA 2 G3"
+ + "QuoVadis Root CA 3 G3"
+ + "WoSign"
+ + "WoSign China"
+ The following certificate authorities were removed (-):
+ - "Entrust.net Secure Server CA"
+ - "RSA Root Certificate 1"
+ - "TDC Internet Root CA"
+ - "ValiCert Class 1 VA"
+ - "ValiCert Class 2 VA"
+ * Include clear list of CAs added/removed, as above, and include better note
+ in README.Debian for trust reconfiguration. Closes: #743365
+ * Remove debian/config in debian/rules clean target.
+ * Include d/{changelog,NEWS} entries in 20140223 for duplicate CKA_LABEL
+ rename of "StartCom Certification Authority"_2.
+
+ -- Michael Shuler <michael@pbandjelly.org> Sat, 27 Sep 2014 15:14:00 -0500
+
+ca-certificates (20140325) unstable; urgency=medium
+
+ * Update mozilla/certdata.txt to version 1.97+revert_of_936304
+ Mozilla reverted the removal of 1024-bit root certificates for
+ Entrust.net, GTE CyberTrust, and ValiCert (RSA), but did not update the
+ version number in nssckbi.h.
+ Certificates added (+) (none removed):
+ + "Entrust.net Secure Server CA"
+ + "GTE CyberTrust Global Root"
+ + "RSA Root Certificate 1"
+ + "ValiCert Class 1 VA"
+ + "ValiCert Class 2 VA"
+
+ -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Mar 2014 13:28:19 -0500
+
+ca-certificates (20140223) unstable; urgency=medium
+
+ * No longer ship cacert.org certificates. Closes: #718434, LP: #1258286
+ * Fix certdata2pem.py for multiple CAs using the same CKA_LABEL. Thanks
+ to Marc Deslauriers for the patch. Closes: #683403, LP: #1031333
+ * Sort local CA certificates on update-ca-certificates runs. Thanks to
+ Vaclav Ovsik for the suggestion and patch. Closes: #727136
+ * Add trailing newline to certificate, if it is missing. Closes: #635570
+ * Update mozilla/certdata.txt to version 1.97.
+ Certificates added (+), removed (-), and renamed (~):
+ + "ACCVRAIZ1"
+ + "Atos TrustedRoot 2011"
+ + "E-Tugra Certification Authority"
+ + "SG TRUST SERVICES RACINE"
+ + "StartCom Certification Authority"
+ ~ "StartCom Certification Authority"_2
+ (both StartCom CAs now included with duplicate CKA_LABEL fix)
+ + "T-TeleSec GlobalRoot Class 2"
+ + "TWCA Global Root CA"
+ + "TeliaSonera Root CA v1"
+ + "Verisign Class 3 Public Primary Certification Authority"
+ ~ "Verisign Class 3 Public Primary Certification Authority"_2
+ (both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix)
+ - "Entrust.net Secure Server CA"
+ - "Firmaprofesional Root CA"
+ - "GTE CyberTrust Global Root"
+ - "RSA Root Certificate 1"
+ - "TDC OCES Root CA"
+ - "ValiCert Class 1 VA"
+ - "ValiCert Class 2 VA"
+ - "Wells Fargo Root CA"
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 23 Feb 2014 23:22:29 -0600
+
+ca-certificates (20130906) unstable; urgency=low
+
+ * Add ca-certificates-local source package example to documentation
+ * Update local certificate handling in README.Debian.
+ Closes: #718173, LP: #487845
+ * Update CA inclusion policy for ca-certificates in README.Debian. With
+ the exception of SPI and CAcert, only those CAs included in Mozilla's
+ trust store will be included in ca-certificates in Debian.
+ Closes: #647848, LP: #103074
+ * Clarify that not all software that uses SSL uses ca-certificates in
+ README.Debian. Closes: #664769
+ * Add mozilla/nssckbi.h to source, since certdata.txt no longer contains
+ a version number.
+ * Update debian/copyright to "Copyright: Mozilla Contributors" for
+ mozilla/{certdata.txt,nssckbi.h}.
+ * Update mozilla/certdata.txt to version 1.94
+ Certificates added (+) and removed (-):
+ + "CA Disig Root R1"
+ + "CA Disig Root R2"
+ + "China Internet Network Information Center EV Certificates Root"
+ + "D-TRUST Root Class 3 CA 2 2009"
+ + "D-TRUST Root Class 3 CA 2 EV 2009"
+ + "PSCProcert"
+ + "Swisscom Root CA 2"
+ + "Swisscom Root EV CA 2"
+ + "TURKTRUST Certificate Services Provider Root 2007"
+ - "Equifax Secure eBusiness CA 2"
+ - "TC TrustCenter Universal CA III"
+
+ -- Michael Shuler <michael@pbandjelly.org> Fri, 06 Sep 2013 11:31:06 -0500
+
+ca-certificates (20130610) unstable; urgency=low
+
+ [ Michael Shuler ]
+ * Install CAcert root and class3 certificates individually, no longer
+ installing the concatenation of the two. The individual certificates
+ are installed as cacert.org_root.crt and cacert.org_class3.crt for ease
+ of identification. Additionally, this allows openssl maintainers to drop
+ a problematic patch to c_rehash for handling multi-certificate files.
+ (see #642314) Closes: #692323
+ * Update Vcs-* fields for lintian vcs-field-not-canonical
+ * Update to machine-readable debian/copyright file v1.0
+
+ [ Thijs Kinkhorst ]
+ * Drop upgrading code for upgrades from Debian Etch and earlier.
+ * Remove obsolete debconf.org CA certificate. DebConf now uses an
+ intermediate certificate signed by SPI. (Closes: #693405)
+ * Remove obsolete SPI CA certiticate.
+ * Update Standards-Version: 3.9.4 (no changes needed)
+ * Clean up man page (LP: #850997).
+
+ -- Thijs Kinkhorst <thijs@debian.org> Mon, 10 Jun 2013 19:52:15 +0200
+
+ca-certificates (20130119) unstable; urgency=low
+
+ * Update mozilla/certdata.txt to version 1.87 Closes: #697366
+ Certificates removed (-) (none added):
+ - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+ * Remove unneeded and confusing usage of interest-noawait; remove unneeded
+ Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
+ Closes: #537051
+
+ -- Michael Shuler <michael@pbandjelly.org> Sat, 19 Jan 2013 14:02:09 -0600
+
+ca-certificates (20121114) unstable; urgency=low
+
+ [ Don Armstrong ]
+ * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
+ * Provide update-ca-certificates and update-ca-certificates-fresh
+ triggers.
+ * Call the triggers using no-await so that the configuration files from
+ the newer version of ca-certificates-java are in places before the
+ upgrade. Closes: #537051.
+
+ [ Michael Shuler ]
+ * Add note to previous mozilla/certdata.txt changelog entry to document
+ CKT_NSS_MUST_VERIFY_TRUST changes.
+
+ -- Michael Shuler <michael@pbandjelly.org> Wed, 14 Nov 2012 23:58:59 -0600
+
+ca-certificates (20121105) unstable; urgency=low
+
+ * Update mozilla/certdata.txt to version 1.86 Closes: #683728
+ - Replace legacy "no explicit trust" flag of CKT_NSS_TRUST_UNKNOWN for
+ CKT_NSS_MUST_VERIFY_TRUST, instead of a mix of both flags:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=757189
+ This upstream fix does not change the CA certificates installed in
+ ca-certificates as both flags are ignored. Only those CA certificates
+ with the CKT_NSS_TRUSTED_DELEGATOR flag in certdata.txt are installed.
+ Certificates added (+) (none removed):
+ + "Actalis Authentication Root CA"
+ + "Trustis FPS Root CA"
+ + "StartCom Certification Authority" (renewal/rehash)
+ + "StartCom Certification Authority G2"
+ + "Buypass Class 2 Root CA"
+ + "Buypass Class 3 Root CA"
+ + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+ + "T-TeleSec GlobalRoot Class 3"
+ + "EE Certification Centre Root CA"
+ * Correct piuparts package remove/purge behavior Closes: #682125
+ - Remove deletes of /etc/ssl{,/certs} from debian/postrm
+
+ -- Michael Shuler <michael@pbandjelly.org> Mon, 05 Nov 2012 10:56:05 -0600
+
+ca-certificates (20120623) unstable; urgency=low
+
+ * Add Polish translation, thanks to Michał Kułach. Closes: #660002
+ * Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
+ * Correct update-ca-certificates(8) alignment Closes: #666932
+ * Add note to update-ca-certificates(8) about .crt extension needed for
+ CA certificates in /usr/local/share/ca-certificates Closes: #595279
+ * Update mozilla/certdata.txt to version 1.83
+ Mozilla Public License updated to v2.0
+ (no added/removed CAs)
+ * Update debian/copyright to:
+ - reflect MPL v2.0 update for mozilla/certdata.txt
+ - specify GPL-2 instead of GPL symlink
+ * Update debian/NEWS with added/removed certs from 20111211 and 20120212
+ * Update to Standards-Version: 3.9.3 (no changes needed)
+
+ -- Michael Shuler <michael@pbandjelly.org> Sat, 23 Jun 2012 09:16:54 -0500
+
+ca-certificates (20120212) unstable; urgency=low
+
+ * Update mozilla/certdata.txt to version 1.81
+ Certificates added (+) and removed (-):
+ + "Security Communication RootCA2"
+ + "EC-ACC"
+ + "Hellenic Academic and Research Institutions RootCA 2011"
+ - "Verisign Class 2 Public Primary Certification Authority"
+ - "Verisign Class 4 Public Primary Certification Authority - G2"
+ - "TC TrustCenter, Germany, Class 2 CA"
+ - "TC TrustCenter, Germany, Class 3 CA"
+ * Add notice to README.Debian deprecating CA inclusions and refer to
+ #647848 for Debian CA Certificate Policy discussion.
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600
+
+ca-certificates (20111211) unstable; urgency=low
+
+ * Clarify CA audit note in package description and README.debian. Thanks
+ to C.J. Adams-Collier for the patch. Closes: #594383
+ * Remove French Government IGC/A CA certificates. The RSA certificate is
+ included in the Mozilla bundle and the DSA certificate is not in use.
+ Closes: #646767
+ * Remove expired signet.pl CAs. Closes: #647849
+ * Remove expired brasil.gov.br CA.
+ * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
+ * Use 'set -e' in body of debian/postinst
+ * Update mozilla/certdata.txt to version 1.80
+ (no added/removed CAs)
+ * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
+
+ -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
+
+ca-certificates (20111025) unstable; urgency=low
+
+ [ Michael Shuler ]
+ * Add 3.0 (native) source format
+ * Add Vcs-Git/Browser fields
+ * Add myself as new Maintainer with Uploaders Closes: #588219
+ * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
+ Certificates added (+) and removed (-):
+ + "AffirmTrust Commercial"
+ + "AffirmTrust Networking"
+ + "AffirmTrust Premium"
+ + "AffirmTrust Premium ECC"
+ + "A-Trust-nQual-03"
+ + "Certinomis - Autorité Racine"
+ + "Certum Trusted Network CA"
+ + "Go Daddy Root Certificate Authority - G2"
+ + "Root CA Generalitat Valenciana"
+ + "Starfield Root Certificate Authority - G2"
+ + "Starfield Services Root Certificate Authority - G2"
+ + "TWCA Root Certification Authority"
+ - "AOL Time Warner Root Certification Authority 1"
+ - "AOL Time Warner Root Certification Authority 2"
+ - "DigiNotar Root CA"
+ - "Entrust.net Global Secure Personal CA"
+ - "Entrust.net Global Secure Server CA"
+ - "Entrust.net Secure Personal CA"
+ - "IPS Chained CAs root"
+ - "IPS CLASE1 root"
+ - "IPS CLASE3 root"
+ - "IPS CLASEA1 root"
+ - "IPS CLASEA3 root"
+ - "IPS Timestamping root"
+ - "Thawte Personal Freemail CA"
+ - "Thawte Time Stamping CA"
+ * Update CAcert-Class 3-Subroot-certificate Closes: #630232
+
+ [ Steve Langasek ]
+ * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
+ the way before calling c_rehash, so that symlinks don't accidentally get
+ pointed here, breaking openssl certificate verification LP: #854927
+
+ [ Loïc Minier ]
+ * Drop bogus c_rehash on upgrades, which caused issue when
+ ca-certificates.crt was still in place; instead, call
+ update-ca-certificates --fresh on upgrades to this version, and
+ the usual update-ca-certificates otherwise Closes: #643667, #537382
+
+ -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
+
+ca-certificates (20111022) unstable; urgency=low
+
+ * QA upload.
+ * Fix pending l10n issues. Debconf translations:
+ - German (Helge Kreutzmann). Closes: #634000
+ - French (Christian Perrier). Closes: #634092
+ - Russian (Yuri Kozlov). Closes: #635146
+ - Swedish (Martin Bagge / brother). Closes: #640622
+ - Slovak (Slavko). Closes: #641987
+ - Spanish; (Javier Fernández-Sanguino). Closes: #642359
+ - Japanese (Kenshi Muto). Closes: #644828
+ - Czech (Miroslav Kure). Closes: #644843
+ - Danish (Joe Hansen). Closes: #644854
+ - Italian (Luca Monducci). Closes: #645004
+ - Dutch; (Jeroen Schot). Closes: #645090
+ - Portuguese (Miguel Figueiredo). Closes: #645126
+ - Galician (Jorge Barreiro). Closes: #645138
+ - Catalan; (Jordi Mallach). Closes: #645182
+ - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
+ * Split Choices in debconf templates
+ * Add build-arch and build-indep build targets
+ * Bump debhelper compatibility level to 8
+ * Bump Standards to 3.9.2 (checked)
+ * Replace "dh_clean -k" by dh_prep
+
+ -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
+
+ca-certificates (20110502+nmu1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Blacklist "DigiNotar Root CA" (Closes: #639744)
+
+ -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
+
+ca-certificates (20110502) unstable; urgency=low
+
+ * QA upload.
+ * Mark the package as multi-arch:foreign. (Closes: #622323)
+ * Use db_settitle in config script to allow translations of the
+ dialog title; thanks to Frans Pop. (Closes: #560314)
+
+ -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
+
+ca-certificates (20110421) unstable; urgency=low
+
+ * QA upload.
+ * Package is orphaned, set maintainer to QA group
+ * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
+ both the old and new style of symlinks. (Closes: #611102)
+ * Remove libssl0.9.8 from enhances
+ * Update mozilla certdata.txt file to the latest version.
+ Removed:
+ - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
+ - beTRUSTed_Root_CA-Baltimore_Implementation.crt
+ - beTRUSTed_Root_CA.crt
+ - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
+ - beTRUSTed_Root_CA_-_RSA_Implementation.crt
+ - Digital_Signature_Trust_Co._Global_CA_2.crt
+ - Digital_Signature_Trust_Co._Global_CA_4.crt
+ - Entrust.net_Global_Secure_Personal_CA.crt
+ - Entrust.net_Global_Secure_Server_CA.crt
+ - Entrust.net_Secure_Personal_CA.crt
+ - GTE_CyberTrust_Root_CA.crt
+ - IPS_Chained_CAs_root.crt
+ - IPS_CLASE1_root.crt
+ - IPS_CLASE3_root.crt
+ - IPS_CLASEA1_root.crt
+ - IPS_CLASEA3_root.crt
+ - IPS_Servidores_root.crt
+ - IPS_Timestamping_root.crt
+ - RSA_Security_1024_v3.crt
+ - StartCom_Ltd..crt
+ - Thawte_Personal_Basic_CA.crt
+ - Thawte_Personal_Premium_CA.crt
+ - UTN-USER_First-Network_Applications.crt
+ - Verisign_RSA_Secure_Server_CA.crt
+ - Verisign_Time_Stamping_Authority_CA.crt
+ - Visa_International_Global_Root_2.crt
+ Added:
+ - ACEDICOM_Root.crt
+ - AC_Raíz_Certicámara_S.A..crt
+ - ApplicationCA_-_Japanese_Government.crt
+ - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+ - Buypass_Class_2_CA_1.crt
+ - Buypass_Class_3_CA_1.crt
+ - CA_Disig.crt
+ - Certigna.crt
+ - certSIGN_ROOT_CA.crt
+ - Chambers_of_Commerce_Root_-_2008.crt
+ - CNNIC_ROOT.crt
+ - ComSign_CA.crt
+ - ComSign_Secured_CA.crt
+ - Cybertrust_Global_Root.crt
+ - Deutsche_Telekom_Root_CA_2.crt
+ - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
+ - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
+ - ePKI_Root_Certification_Authority.crt
+ - GeoTrust_Primary_Certification_Authority_-_G2.crt
+ - GeoTrust_Primary_Certification_Authority_-_G3.crt
+ - Global_Chambersign_Root_-_2008.crt
+ - GlobalSign_Root_CA_-_R3.crt
+ - Hongkong_Post_Root_CA_1.crt
+ - IGC_A.crt
+ - Izenpe.com.crt
+ - Juur-SK.crt
+ - Microsec_e-Szigno_Root_CA_2009.crt
+ - Microsec_e-Szigno_Root_CA.crt
+ - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
+ - OISTE_WISeKey_Global_Root_GA_CA.crt
+ - SecureSign_RootCA11.crt
+ - Security_Communication_EV_RootCA1.crt
+ - Staat_der_Nederlanden_Root_CA_-_G2.crt
+ - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
+ - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
+ - TC_TrustCenter_Class_2_CA_II.crt
+ - TC_TrustCenter_Class_3_CA_II.crt
+ - TC_TrustCenter_Universal_CA_I.crt
+ - TC_TrustCenter_Universal_CA_III.crt
+ - thawte_Primary_Root_CA_-_G2.crt
+ - thawte_Primary_Root_CA_-_G3.crt
+ - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+ - VeriSign_Universal_Root_Certification_Authority.crt
+ Changed:
+ - Verisign_Class_1_Public_Primary_Certification_Authority.crt
+ - Verisign_Class_3_Public_Primary_Certification_Authority.crt
+ * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
+ * String decode the mozilla certdata.txt so the filenames show up as
+ proper UTF-8 strings.
+
+ -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
+
+ca-certificates (20090814+nmu3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix pending l10n issues. Debconf translations:
+ - French (Christian Perrier). Closes: #594231
+ - Danish (Joe Hansen). Closes: #601129
+ - Catalan (Jordi Mallach). Closes: #601089
+ - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
+
+ -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
+
+ca-certificates (20090814+nmu2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixes buggy shell functions included in the postinst script.
+ (Closes: #591607)
+
+ -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
+
+ca-certificates (20090814+nmu1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Preserve user changes to the /etc/ca-certificates.conf.
+ (Closes: #514220)
+
+ -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
+
+ca-certificates (20090814) unstable; urgency=low
+
+ * Call Debconf and its db_purge as early as possible in postrm.
+ (Closes: #541275)
+
+ -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
+
+ca-certificates (20090709) unstable; urgency=low
+
+ * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
+
+ -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
+
+ca-certificates (20090708) unstable; urgency=low
+
+ * Removed CA files:
+ - cacert.org/root.crt and cacert.org/class3.crt:
+ Both certificate files were deprecated with 20080809. Users of these
+ root certificates are encouraged to switch to
+ `cacert.org/cacert.org.crt' which contains both class 1 and class 3
+ roots joined in a single file.
+ - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
+ This certificate has been added into the Mozilla truststore and
+ is available as `mozilla/QuoVadis_Root_CA.crt'.
+ * Do not redirect c_rehash error messages to /dev/null.
+ (Closes: #495224)
+ * Remove dangling symlinks on purge, which also gets rid of the hash
+ symlink for ca-certificates.crt. (Closes: #475240)
+ * Use subshells when grepping for certificates in config, avoiding
+ SIGPIPE because of grep's immediate exit after it finds the pattern.
+ (Closes: #486737)
+ * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
+ Robby Workman of Slackware.
+ * Updated Standards-Version and FSF portal address in the copyright file.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
+
+ca-certificates (20090701) unstable; urgency=low
+
+ * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
+ Rationale: The rogue collision CA has its validity period in the past.
+ Thus it does not impose a risk upon us at the moment.
+ * Restrict search for local certificates to add on files ending with '.crt'.
+ * Canonicalize PEM names by applying the same set of substitions to
+ local and other certificates like the Mozilla certdata dumper does.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
+
+ca-certificates (20090624) unstable; urgency=low
+
+ * Allow local certificate installation. All certificates found
+ in `/usr/local/share/ca-certificates' will be automatically added
+ to the list of trusted certificates in `/etc/ssl/certs'.
+ (Closes: #352637, #419491, #473677, #476663, #511150)
+ * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
+ 1.51):
+ + COMODO ECC Certification Authority
+ + DigiNotar Root CA
+ + Network Solutions Certificate Authority
+ + WellsSecure Public Root Certificate Authority
+ - Equifax Secure Global eBusiness CA
+ - UTN USERFirst Object Root CA
+ * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
+ untrusted certificates. This led to the exclusion of the
+ "MD5 Collisions Forged Rogue CA 23c3" and its parent
+ "Equifax Secure Global eBusiness CA". Furthermore code signing-only
+ certificates are no longer included neither.
+ * Remove the purging of old PEM files in postinst dating back to
+ versions earlier than 20030414.
+ * Hooks are now called at every invocation of `update-ca-certificates'.
+ If no changes were done to `/etc/ssl/certs', the input for the
+ hooks will be empty, though. Failure exit codes of hooks will not
+ tear down the upgrade process anymore. They are printed but ignored.
+
+ -- Philipp Kern <pkern@debian.org> Wed, 24 Jun 2009 21:04:08 +0200
+
+ca-certificates (20081127) unstable; urgency=low
+
+ * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
+ #454334)
+
+ -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
+
+ca-certificates (20080809) unstable; urgency=low
+
+ * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
+ This file can be used for proper certificate chaining if CACert
+ server certificates are used. The old class3.pem and root.pem
+ certificates are deprecated. This new file could safely serve as
+ a replacement for both. (Closes: #494343)
+ * This also reintroduces the old name for the CACert certificate,
+ thus closing a long-standing bug about its rename to root.crt.
+ (Closes: #413766)
+
+ -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
+
+ca-certificates (20080617) unstable; urgency=low
+
+ * Added French Government's IGC/A CA (both DSA and RSA).
+ (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
+
+ca-certificates (20080616) unstable; urgency=low
+
+ * Fix installation on pt_BR locales. The problem was caused by the
+ .templates choices strings being marked for translation, with pt_BR
+ being the only language which actually translated them. Thanks to
+ Ubuntu for the fix, which needs to be around until Lenny is released
+ or six months have passed, whichever is later. (Closes: #472507)
+ * Drop Fumitoshi from the list of maintainers. Farewell!
+ * Bump Standards-Version to 3.8.0.
+
+ -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
+
+ca-certificates (20080514) unstable; urgency=medium
+
+ * Added the new SPI CA certificate, created in response to the latest
+ openssl security update.
+ * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
+ revoked sensibly. Expired CA created in 2003, expired in 2007 left
+ around for reference.
+ * Updated the Galician translation, thanks to Glennie Vignarajah.
+ (Closes: #416470)
+
+ -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
+
+ca-certificates (20080411) unstable; urgency=low
+
+ * Added the current SPI CA certificate, used by Debian's infrastructure.
+ * Added Deutsche Telekom Root CA 2, which is used by German institutions
+ through the DFN PKI.
+ * Updated mozilla certificates from trunk, which led to the following
+ adds (+) and removes (-):
+ + Camerfirma Chambers of Commerce Root
+ + Camerfirma Global Chambersign Root
+ + Certplus Class 2 Primary CA
+ + COMODO Certification Authority
+ + DigiCert Assured ID Root CA
+ + DigiCert Global Root CA
+ + DigiCert High Assurance EV Root CA
+ + DST ACES CA X6
+ + DST Root CA X3
+ + Entrust Root Certification Authority
+ + Firmaprofesional Root CA
+ + GeoTrust Global CA 2
+ + GeoTrust Primary Certification Authority
+ + GeoTrust Universal CA
+ + GeoTrust Universal CA 2
+ + GlobalSign Root CA - R2
+ + Go Daddy Class 2 CA
+ + NetLock Business (Class B) Root
+ + NetLock Express (Class C) Root
+ + NetLock Notary (Class A) Root
+ + NetLock Qualified (Class QA) Root
+ + QuoVadis Root CA 2
+ + QuoVadis Root CA 3
+ + Secure Global CA
+ + SecureTrust CA
+ + Starfield Class 2 CA
+ + StartCom Certification Authority
+ + StartCom Ltd.
+ + Swisscom Root CA 1
+ + SwissSign Gold CA - G2
+ + SwissSign Platinum CA - G2
+ + SwissSign Silver CA - G2
+ + Taiwan GRCA
+ + thawte Primary Root CA
+ + TURKTRUST Certificate Services Provider Root 1
+ + TURKTRUST Certificate Services Provider Root 2
+ + VeriSign Class 3 Public Primary Certification Authority - G5
+ + Wells Fargo Root CA
+ + XRamp Global CA Root
+ - Verisign Class 1 Public Primary OCSP Responder
+ - Verisign Class 2 Public Primary OCSP Responder
+ - Verisign Class 3 Public Primary OCSP Responder
+ - Verisign Secure Server OCSP Responder
+ (Closes: #447062, #456581)
+ * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
+ (Closes: #434856)
+ * Reworded the description and made it static to ease translations.
+ * Reworded and amended README.Debian.
+ * Added myself to the uploaders of this package.
+ * Applied a patch by Martin F. Krafft to support hooks scripts
+ on add/remove of a certificate. (Closes: #377314)
+
+ -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
+
+ca-certificates (20070303-0.1) unstable; urgency=low
+
+ * Non-maintainer upload to fix longstanding pending l10n issues.
+ * Debconf templates and debian/control reviewed by the debian-l10n-
+ english team as part of the Smith review project.
+ Closes: #432249, #434789
+ * Debconf translation updates:
+ - Japanese. Closes:#433067
+ - Basque. Closes: #433074
+ - Spanish. Closes: #433078
+ - Czech. Closes: #433100
+ - Galician. Closes: #433215
+ - Russian. Closes: #433224
+ - Swedish. Closes: #433432
+ - Vietnamese. Closes: #433792, #427000, #434992
+ - Dutch. Closes: #434670
+ - German. Closes: #434788
+ - Italian. Closes: #435029
+ * Portuguese. Closes: #435471
+ * Finnish. Closes: #448826
+ * Remove /etc/ssl when purging the package (only if that
+ directory is empty). Closes: #454334
+ * [Lintian] Give a reference to the GPL text in debian/copyright
+ * [Lintian] No longer ignore errors from "make clean"
+ * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
+
+ -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
+
+ca-certificates (20070303) unstable; urgency=low
+
+ * Add debconf.org crt. closes: Bug#342088
+ * Add cacert class3 crt. closes: Bug#350282
+ * Add debian/po/pt.po. closes: Bug#408183
+ * Update debian/po/ru.po. closes: Bug#410770
+ * Update debian/po/pt_BR.po. closes: Bug#403824
+ * Add debian/po/gl.po. closes: Bug#407951
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
+
+ca-certificates (20061027.2) unstable; urgency=low
+
+ * Non-maintainer upload to fix an RC issue revealed by the last NMU.
+ * Avoid cd to /etc/ssl/certs to removing hash symlinks
+ Closes: #408469
+
+ -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
+
+ca-certificates (20061027.1) unstable; urgency=low
+
+ * Non-maintainer upload to fix remaining l10n issues
+ * Debconf translation updates:
+ - Czech. Closes: #407807
+ - Spanish. Closes: #401968
+ - German. Closes: #396942
+ * Add debconf-updatepo to the clean target in debian/rules
+ to guarantee up-to-date PO(T) files
+
+ -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
+
+
+ca-certificates (20061027) unstable; urgency=low
+
+ * sbin/update-ca-certificates:
+ in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
+ preserve other symlinks. closes: Bug#387089
+ * debian/po/nl.po: updated
+ closes: Bug#386767
+ * debian/po/fr.po: updated
+ closes: Bug#386806
+ * debian/po/da.po: updated
+ closes: Bug#388018
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
+
+ca-certificates (20060816) unstable; urgency=low
+
+ * debian/control: explicitly mention that trustworthiness of certificate
+ authorities is not evaluated.
+ closes: Bug#350726
+ * debian/templates: refine messages
+ closes: Bug#309481
+ * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
+ closes: Bug#349346
+ * debian/control: libssl0.9.7->libssl0.9.8
+ closes: Bug#345197
+ * debian/postrm: remove .dpkg-old files
+ closes: Bug#349351
+ * debian/README.Debian: fix
+ closes: Bug#354509
+ * debian/postinst: fix typo
+ closes: Bug#355271
+ * debian/po/sv.po: added
+ closes: Bug#330984
+ * debian/po/es.po: added
+ closes: Bug#334383
+ * add new SPI CA certificate
+ submitted by Michael C. Schultheiss <schultmc@debian.org>
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
+
+ca-certificates (20050804) unstable; urgency=low
+
+ * use ${misc:Depends} in debian/control for debconf
+ * update description in debian/control
+ closes: Bug#309547
+ * update debian/po/vi.po
+ closes: Bug#313186
+ * update debian/po/de.po
+ closes: Bug#313678
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
+
+ca-certificates (20050518) unstable; urgency=high
+
+ * fix ca-certificates.crt generationumask-sensitive and racy
+ closes: Bug#296212
+ * update mozilla/certdata.txt
+ add: "Certum Root CA", "Comodo AAA Services root"
+ "Comodo Secure Services root",
+ "Comodo Trusted Services root",
+ "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
+ "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
+ "IPS Timestamping root",
+ "QuoVadis Root CA",
+ "Security Communication Root CA",
+ "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
+ "Staat der Nederlanden Root CA",
+ "TDC Internet Root CA", "TDC OCES Root CA",
+ "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
+ "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
+ * add CACert.org's Root CA
+ closes: Bug#213086, Bug#288293
+ * add debian/po/vi.po
+ closes: Bug#309480
+ * add debian/po/cs.po
+ closes: Bug#309019
+ * write "How certificate will be accepted in ca-certificates package"
+ in README.Debain
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
+
+ca-certificates (20040809) unstable; urgency=low
+
+ * previous version was not fixed Bug#255933 correctly.
+ update-ca-certificates now remove symlinks of deselected entries
+ in ca-certificates.conf
+ closes: Bug#255933
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
+
+ca-certificates (20040808) unstable; urgency=low
+
+ * run update-ca-certificates by /bin/sh -e
+ closes: Bug#247581
+ * update-ca-certificates remove symlinks of deselected entries
+ in ca-certificates.conf
+ closes: Bug#255933
+ * change default of trust_new_crts from 'ask' to 'yes'
+ closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
+ * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
+ closes: Bug#251158
+ * add brasil.gov.br certs
+ closes: Bug#224612
+ * add Signet CA Roots certs
+ closes: Bug#233206
+ * add QuoVadis CA Roots certs
+ closes: Bug#250847
+ * update pt_BR.po
+ closes: Bug#218812
+ * add da.po
+ closes: Bug#235322
+ * add ca.po
+ closes: Bug#237124
+ * add nl.po
+ closes: Bug#23840
+ * add de.po
+ closes: Bug#250785
+ * fix quote characters in template
+ closes: Bug#255738
+ * remove debian.org, because certs used in db.debian.org has been
+ revoked due to debian.org crack incidents.
+ db.debian.org uses certificates using spi-inc.org Root CA.
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
+
+ca-certificates (20031007.1) unstable; urgency=low
+
+ * NMU
+ * Add brasil.gov.br/brasil.gov.br.crt, created from
+ http://www.icpbrasil.gov.br/certificadoACRaiz.crt
+ * Add debian/po/pt_BR.po: closes: Bug#224612
+
+ -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
+
+ca-certificates (20031007) unstable; urgency=low
+
+ * add debian/po/ru.po: closes: Bug#214371
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
+
+ca-certificates (20030924) unstable; urgency=low
+
+ * add debian/po/ja.po: closes: Bug#212565
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
+
+ca-certificates (20030916) unstable; urgency=low
+
+ * add debian/po/fr.po: closes: Bug#211224, Bug#206769
+ * debian/config: if new cert is asked, don't ask all available certs
+ closes: Bug#211199
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
+
+ca-certificates (20030915) unstable; urgency=low
+
+ * debian/config.in: fix typo. closes: Bug#190990
+ * add option for new CA certificates. closes: Bug#190989
+ * switch to gettext-based debconf templates. closes: Bug#205782
+ * update mozilla/certdata.txt from mozilla 1.4 release
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
+
+ca-certificates (20030420) unstable; urgency=low
+
+ * add README.Debian and update-ca-certificates(8). closes: Bug#189604
+ * fix broken English in debconf template. closes: Bug#189606
+ * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
+ * preserve comments in /etc/ca-certificates.conf when upgrading.
+ closes: Bug#189611
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
+
+ca-certificates (20030415) unstable; urgency=medium
+
+ * fix upgrade problem
+ closes: Bug#188938, Bug#188940
+ * purge debconf
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
+
+ca-certificates (20030414) unstable; urgency=medium
+
+ * certificates are installed in /usr/share/ca-certificates
+ you can find md5sum of certs files. closes: Bug#170777
+
+ * debconf to generate /etc/ca-certificates.conf
+ * update-ca-certificates update /etc/ssl/certs according
+ /etc/ca-certificates.conf
+ It also generate /etc/ssl/certs/ca-certificates.crt
+ which is single-file version of certs.
+ closes: Bug#158904
+
+ * change extension from .pem to .crt in /usr/share/ca-certificates
+ - /etc/mime.types:
+ application/x-x509-ca-cert crt
+ but it will be hardlink or copied in /etc/ssl/certs with .pem
+ extension by update-ca-certificates.
+ c_rehash requires .pem extension
+
+ * Update certificate from mozilla 2:1.3-4
+ mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+ cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
+
+ * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
+ 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
+ % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
+ MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
+
+ca-certificates (20020323) unstable; urgency=low
+
+ * Moved from non-US to main now that openssl has moved there.
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
+
+ca-certificates (20020208) unstable; urgency=low
+
+ * add db.debian.org certificate
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
+
+ca-certificates (20020112) unstable; urgency=low
+
+ * upload to non-US instead of main, because it depends on openssl
+ (it uses c_rehash in openssl in maintainer scripts)
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
+
+ca-certificates (20020107) unstable; urgency=low
+
+ * Initial Release. closes: Bug#126586
+
+ -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..7c7e860
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1 @@
+debian/config.initial_certs
diff --git a/debian/config b/debian/config
new file mode 100644
index 0000000..8885f30
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,163 @@
+#!/bin/sh
+# $1 = action ('configure' or 'reconfigure')
+# $2 = current-installed-version
+set -e
+
+action="$1"
+
+if test -f /etc/ca-certificates.conf; then
+ CERTSCONF=/etc/ca-certificates.conf
+else
+ CERTSCONF=/dev/null
+fi
+
+# CERTS_DISABLED: certs that user dont trust
+CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
+
+# CERTS_TRUST: certs that user already trust
+CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
+
+
+# CERTS_AVAILABLE: certs that user can choices
+CERTS_AVAILABLE=""
+
+# CERTS_ENABLED: certs that user already trusted
+CERTS_ENABLED=""
+
+# CERTS_LIST: certs that will be installed
+CERTS_LIST="#INITIAL_CERTS#"
+
+# CERTS_NEW: new certificates that will be installed
+CERTS_NEW=""
+
+members()
+{
+ echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
+ do
+ if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
+ echo match
+ fi
+ done | grep -q match
+}
+
+. /usr/share/debconf/confmodule || exit
+db_version 2.0
+db_capb multiselect
+
+db_settitle ca-certificates/title
+db_input medium ca-certificates/trust_new_crts || true
+db_go
+
+trust_new="yes"
+if db_get ca-certificates/trust_new_crts; then
+ trust_new="$RET"
+fi
+
+seen=false
+if db_fget ca-certificates/enable_crts seen; then
+ seen="$RET"
+fi
+# XXX: in case reconfigure, force to select all available certificates
+if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
+ seen=false
+ trust_new=no
+fi
+
+if test -d /usr/share/ca-certificates; then
+ cd /usr/share/ca-certificates
+ crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
+ echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
+ sort | uniq)
+ for crt in $crts
+ do
+ if test "$CERTS_AVAILABLE" = ""; then
+ CERTS_AVAILABLE="$crt"
+ else
+ CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
+ fi
+ if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
+ : # echo "I: ignore $crt"
+ elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
+ # already trusted
+ if test "$CERTS_ENABLED" = ""; then
+ CERTS_ENABLED="$crt"
+ else
+ CERTS_ENABLED="$CERTS_ENABLED, $crt"
+ fi
+ else
+ # new certs?
+ if test "$trust_new" = "yes"; then
+ if test "$CERTS_ENABLED" = ""; then
+ CERTS_ENABLED="$crt"
+ else
+ CERTS_ENABLED="$CERTS_ENABLED, $crt"
+ fi
+ elif test "$trust_new" = "ask"; then
+ if test "$CERTS_NEW" = ""; then
+ CERTS_NEW="$crt"
+ else
+ CERTS_NEW="$CERTS_NEW, $crt"
+ fi
+ else
+ : # trust_new=no, default disabled
+ fi
+ fi
+ done
+else
+ # initial installation
+ CERTS_AVAILABLE="$CERTS_LIST"
+ CERTS_ENABLED="$CERTS_AVAILABLE"
+ # XXX: ca-certificates/enable_crts should be used, so no need to ask new
+ # in this session
+ trust_new="yes"
+ CERTS_NEW=""
+fi
+
+enable_crts=""
+if db_get ca-certificates/enable_crts; then
+ enable_crts="$RET"
+fi
+
+new_seen=false
+if db_fget ca-certificates/new_crts seen; then
+ new_seen="$RET"
+fi
+if members "$CERTS_NEW" "$enable_crts"; then
+ # already selected new_crts?
+ new_seen=true
+fi
+db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
+
+if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
+ # XXX: run this again in postinst
+ CERTS_ENABLED="$enable_crts"
+fi
+
+if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
+ # New certificates added
+ db_fset ca-certificates/new_crts seen false
+ db_input critical ca-certificates/new_crts || true
+ db_go
+
+ if db_get ca-certificates/new_crts; then
+ if test "$CERTS_ENABLED" = ""; then
+ CERTS_ENABLED="$RET"
+ else
+ CERTS_ENABLED="$CERTS_ENABLED, $RET"
+ fi
+ fi
+ # XXX: old certificates keep current state?
+ seen=true
+fi
+# mark seen true, so that dont ask again while postinst
+db_fset ca-certificates/new_crts seen true
+
+db_set ca-certificates/enable_crts "$CERTS_ENABLED"
+db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
+if test "$seen" != true; then
+ db_fset ca-certificates/enable_crts seen false
+fi
+db_input low ca-certificates/enable_crts || true
+db_go
+
+exit 0
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..b5f2ab0
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,39 @@
+Source: ca-certificates
+Section: misc
+Priority: optional
+Maintainer: Julien Cristau <jcristau@debian.org>
+Build-Depends: debhelper-compat (= 13), po-debconf
+Build-Depends-Indep: python3, openssl, python3-cryptography
+Standards-Version: 4.6.2
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
+Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
+
+Package: ca-certificates
+Priority: standard
+Architecture: all
+Depends: openssl (>= 1.1.1), ${misc:Depends}
+Enhances: openssl
+Multi-Arch: foreign
+Breaks: ca-certificates-java (<<20121112+nmu1)
+Description: Common CA certificates
+ Contains the certificate authorities shipped with Mozilla's browser to allow
+ SSL-based applications to check for the authenticity of SSL connections.
+ .
+ Please note that Debian can neither confirm nor deny whether the
+ certificate authorities whose certificates are included in this package
+ have in any way been audited for trustworthiness or RFC 3647 compliance.
+ Full responsibility to assess them belongs to the local system
+ administrator.
+
+Package: ca-certificates-udeb
+Package-Type: udeb
+Section: debian-installer
+Architecture: all
+Depends: ${misc:Depends}
+Description: Common CA certificates - udeb
+ Contains the certificate authorities shipped with Mozilla's browser,
+ all enabled by default.
+ .
+ This package is for use in the installer environment only.
+ Do not install on a normal system.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..482646d
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,414 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: http://ftp.debian.org/debian/pool/main/c/ca-certificates/
+
+Files: debian/*
+ examples/*
+ Makefile
+ mozilla/*
+ sbin/*
+Copyright: 2003 Fumitoshi UKAI <ukai@debian.or.jp>
+ 2009 Philipp Kern <pkern@debian.org>
+ 2011 Michael Shuler <michael@pbandjelly.org>
+ Various Debian Contributors
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
+ USA.
+ .
+ On Debian GNU/Linux systems, the complete text of the GNU General Public
+ License can be found in '/usr/share/common-licenses/GPL-2'.
+
+Files: mozilla/certdata.txt
+ mozilla/nssckbi.h
+Copyright: Mozilla Contributors
+Comment: Original Copyright: 1994-2000 Netscape Communications Corporation
+ (certdata.txt <= CVS Revision: 1.82)
+ NSS no longer contains explicit copyright. Upstream indicates
+ that "Mozilla Contributors" is an appropriate attibution for the
+ required Copyright: field in Debian's machine-readable format.
+ https://bugzilla.mozilla.org/show_bug.cgi?id=850003
+License: MPL-2.0
+ Mozilla Public License Version 2.0
+ ==================================
+ .
+ 1. Definitions
+ --------------
+ .
+ 1.1. "Contributor"
+ means each individual or legal entity that creates, contributes to
+ the creation of, or owns Covered Software.
+ .
+ 1.2. "Contributor Version"
+ means the combination of the Contributions of others (if any) used
+ by a Contributor and that particular Contributor's Contribution.
+ .
+ 1.3. "Contribution"
+ means Covered Software of a particular Contributor.
+ .
+ 1.4. "Covered Software"
+ means Source Code Form to which the initial Contributor has attached
+ the notice in Exhibit A, the Executable Form of such Source Code
+ Form, and Modifications of such Source Code Form, in each case
+ including portions thereof.
+ .
+ 1.5. "Incompatible With Secondary Licenses"
+ means
+ .
+ (a) that the initial Contributor has attached the notice described
+ in Exhibit B to the Covered Software; or
+ .
+ (b) that the Covered Software was made available under the terms of
+ version 1.1 or earlier of the License, but not also under the
+ terms of a Secondary License.
+ .
+ 1.6. "Executable Form"
+ means any form of the work other than Source Code Form.
+ .
+ 1.7. "Larger Work"
+ means a work that combines Covered Software with other material, in
+ a separate file or files, that is not Covered Software.
+ .
+ 1.8. "License"
+ means this document.
+ .
+ 1.9. "Licensable"
+ means having the right to grant, to the maximum extent possible,
+ whether at the time of the initial grant or subsequently, any and
+ all of the rights conveyed by this License.
+ .
+ 1.10. "Modifications"
+ means any of the following:
+ .
+ (a) any file in Source Code Form that results from an addition to,
+ deletion from, or modification of the contents of Covered
+ Software; or
+ .
+ (b) any new file in Source Code Form that contains any Covered
+ Software.
+ .
+ 1.11. "Patent Claims" of a Contributor
+ means any patent claim(s), including without limitation, method,
+ process, and apparatus claims, in any patent Licensable by such
+ Contributor that would be infringed, but for the grant of the
+ License, by the making, using, selling, offering for sale, having
+ made, import, or transfer of either its Contributions or its
+ Contributor Version.
+ .
+ 1.12. "Secondary License"
+ means either the GNU General Public License, Version 2.0, the GNU
+ Lesser General Public License, Version 2.1, the GNU Affero General
+ Public License, Version 3.0, or any later versions of those
+ licenses.
+ .
+ 1.13. "Source Code Form"
+ means the form of the work preferred for making modifications.
+ .
+ 1.14. "You" (or "Your")
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, "You" includes any entity that
+ controls, is controlled by, or is under common control with You. For
+ purposes of this definition, "control" means (a) the power, direct
+ or indirect, to cause the direction or management of such entity,
+ whether by contract or otherwise, or (b) ownership of more than
+ fifty percent (50%) of the outstanding shares or beneficial
+ ownership of such entity.
+ .
+ 2. License Grants and Conditions
+ --------------------------------
+ .
+ 2.1. Grants
+ .
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+ .
+ (a) under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or
+ as part of a Larger Work; and
+ .
+ (b) under Patent Claims of such Contributor to make, use, sell, offer
+ for sale, have made, import, and otherwise transfer either its
+ Contributions or its Contributor Version.
+ .
+ 2.2. Effective Date
+ .
+ The licenses granted in Section 2.1 with respect to any Contribution
+ become effective for each Contribution on the date the Contributor first
+ distributes such Contribution.
+ .
+ 2.3. Limitations on Grant Scope
+ .
+ The licenses granted in this Section 2 are the only rights granted under
+ this License. No additional rights or licenses will be implied from the
+ distribution or licensing of Covered Software under this License.
+ Notwithstanding Section 2.1(b) above, no patent license is granted by a
+ Contributor:
+ .
+ (a) for any code that a Contributor has removed from Covered Software;
+ or
+ .
+ (b) for infringements caused by: (i) Your and any other third party's
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+ .
+ (c) under Patent Claims infringed by Covered Software in the absence of
+ its Contributions.
+ .
+ This License does not grant any rights in the trademarks, service marks,
+ or logos of any Contributor (except as may be necessary to comply with
+ the notice requirements in Section 3.4).
+ .
+ 2.4. Subsequent Licenses
+ .
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this
+ License (see Section 10.2) or under the terms of a Secondary License (if
+ permitted under the terms of Section 3.3).
+ .
+ 2.5. Representation
+ .
+ Each Contributor represents that the Contributor believes its
+ Contributions are its original creation(s) or it has sufficient rights
+ to grant the rights to its Contributions conveyed by this License.
+ .
+ 2.6. Fair Use
+ .
+ This License is not intended to limit any rights You have under
+ applicable copyright doctrines of fair use, fair dealing, or other
+ equivalents.
+ .
+ 2.7. Conditions
+ .
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+ in Section 2.1.
+ .
+ 3. Responsibilities
+ -------------------
+ .
+ 3.1. Distribution of Source Form
+ .
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under
+ the terms of this License. You must inform recipients that the Source
+ Code Form of the Covered Software is governed by the terms of this
+ License, and how they can obtain a copy of this License. You may not
+ attempt to alter or restrict the recipients' rights in the Source Code
+ Form.
+ .
+ 3.2. Distribution of Executable Form
+ .
+ If You distribute Covered Software in Executable Form then:
+ .
+ (a) such Covered Software must also be made available in Source Code
+ Form, as described in Section 3.1, and You must inform recipients of
+ the Executable Form how they can obtain a copy of such Source Code
+ Form by reasonable means in a timely manner, at a charge no more
+ than the cost of distribution to the recipient; and
+ .
+ (b) You may distribute such Executable Form under the terms of this
+ License, or sublicense it under different terms, provided that the
+ license for the Executable Form does not attempt to limit or alter
+ the recipients' rights in the Source Code Form under this License.
+ .
+ 3.3. Distribution of a Larger Work
+ .
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for
+ the Covered Software. If the Larger Work is a combination of Covered
+ Software with a work governed by one or more Secondary Licenses, and the
+ Covered Software is not Incompatible With Secondary Licenses, this
+ License permits You to additionally distribute such Covered Software
+ under the terms of such Secondary License(s), so that the recipient of
+ the Larger Work may, at their option, further distribute the Covered
+ Software under the terms of either this License or such Secondary
+ License(s).
+ .
+ 3.4. Notices
+ .
+ You may not remove or alter the substance of any license notices
+ (including copyright notices, patent notices, disclaimers of warranty,
+ or limitations of liability) contained within the Source Code Form of
+ the Covered Software, except that You may alter any license notices to
+ the extent required to remedy known factual inaccuracies.
+ .
+ 3.5. Application of Additional Terms
+ .
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on
+ behalf of any Contributor. You must make it absolutely clear that any
+ such warranty, support, indemnity, or liability obligation is offered by
+ You alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+ .
+ 4. Inability to Comply Due to Statute or Regulation
+ ---------------------------------------------------
+ .
+ If it is impossible for You to comply with any of the terms of this
+ License with respect to some or all of the Covered Software due to
+ statute, judicial order, or regulation then You must: (a) comply with
+ the terms of this License to the maximum extent possible; and (b)
+ describe the limitations and the code they affect. Such description must
+ be placed in a text file included with all distributions of the Covered
+ Software under this License. Except to the extent prohibited by statute
+ or regulation, such description must be sufficiently detailed for a
+ recipient of ordinary skill to be able to understand it.
+ .
+ 5. Termination
+ --------------
+ .
+ 5.1. The rights granted under this License will terminate automatically
+ if You fail to comply with any of its terms. However, if You become
+ compliant, then the rights granted under this License from a particular
+ Contributor are reinstated (a) provisionally, unless and until such
+ Contributor explicitly and finally terminates Your grants, and (b) on an
+ ongoing basis, if such Contributor fails to notify You of the
+ non-compliance by some reasonable means prior to 60 days after You have
+ come back into compliance. Moreover, Your grants from a particular
+ Contributor are reinstated on an ongoing basis if such Contributor
+ notifies You of the non-compliance by some reasonable means, this is the
+ first time You have received notice of non-compliance with this License
+ from such Contributor, and You become compliant prior to 30 days after
+ Your receipt of the notice.
+ .
+ 5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions,
+ counter-claims, and cross-claims) alleging that a Contributor Version
+ directly or indirectly infringes any patent, then the rights granted to
+ You by any and all Contributors for the Covered Software under Section
+ 2.1 of this License shall terminate.
+ .
+ 5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+ end user license agreements (excluding distributors and resellers) which
+ have been validly granted by You or Your distributors under this License
+ prior to termination shall survive termination.
+ .
+ ************************************************************************
+ * *
+ * 6. Disclaimer of Warranty *
+ * ------------------------- *
+ * *
+ * Covered Software is provided under this License on an "as is" *
+ * basis, without warranty of any kind, either expressed, implied, or *
+ * statutory, including, without limitation, warranties that the *
+ * Covered Software is free of defects, merchantable, fit for a *
+ * particular purpose or non-infringing. The entire risk as to the *
+ * quality and performance of the Covered Software is with You. *
+ * Should any Covered Software prove defective in any respect, You *
+ * (not any Contributor) assume the cost of any necessary servicing, *
+ * repair, or correction. This disclaimer of warranty constitutes an *
+ * essential part of this License. No use of any Covered Software is *
+ * authorized under this License except under this disclaimer. *
+ * *
+ ************************************************************************
+ .
+ ************************************************************************
+ * *
+ * 7. Limitation of Liability *
+ * -------------------------- *
+ * *
+ * Under no circumstances and under no legal theory, whether tort *
+ * (including negligence), contract, or otherwise, shall any *
+ * Contributor, or anyone who distributes Covered Software as *
+ * permitted above, be liable to You for any direct, indirect, *
+ * special, incidental, or consequential damages of any character *
+ * including, without limitation, damages for lost profits, loss of *
+ * goodwill, work stoppage, computer failure or malfunction, or any *
+ * and all other commercial damages or losses, even if such party *
+ * shall have been informed of the possibility of such damages. This *
+ * limitation of liability shall not apply to liability for death or *
+ * personal injury resulting from such party's negligence to the *
+ * extent applicable law prohibits such limitation. Some *
+ * jurisdictions do not allow the exclusion or limitation of *
+ * incidental or consequential damages, so this exclusion and *
+ * limitation may not apply to You. *
+ * *
+ ************************************************************************
+ .
+ 8. Litigation
+ -------------
+ .
+ Any litigation relating to this License may be brought only in the
+ courts of a jurisdiction where the defendant maintains its principal
+ place of business and such litigation shall be governed by laws of that
+ jurisdiction, without reference to its conflict-of-law provisions.
+ Nothing in this Section shall prevent a party's ability to bring
+ cross-claims or counter-claims.
+ .
+ 9. Miscellaneous
+ ----------------
+ .
+ This License represents the complete agreement concerning the subject
+ matter hereof. If any provision of this License is held to be
+ unenforceable, such provision shall be reformed only to the extent
+ necessary to make it enforceable. Any law or regulation which provides
+ that the language of a contract shall be construed against the drafter
+ shall not be used to construe this License against a Contributor.
+ .
+ 10. Versions of the License
+ ---------------------------
+ .
+ 10.1. New Versions
+ .
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+ .
+ 10.2. Effect of New Versions
+ .
+ You may distribute the Covered Software under the terms of the version
+ of the License under which You originally received the Covered Software,
+ or under the terms of any subsequent version published by the license
+ steward.
+ .
+ 10.3. Modified Versions
+ .
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a
+ modified version of this License if you rename the license and remove
+ any references to the name of the license steward (except to note that
+ such modified license differs from this License).
+ .
+ 10.4. Distributing Source Code Form that is Incompatible With Secondary
+ Licenses
+ .
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+ .
+ Exhibit A - Source Code Form License Notice
+ -------------------------------------------
+ .
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ .
+ If it is not possible or desirable to put the notice in a particular
+ file, then You may include the notice in a location (such as a LICENSE
+ file in a relevant directory) where a recipient would be likely to look
+ for such a notice.
+ .
+ You may add additional accurate notices of copyright ownership.
+ .
+ Exhibit B - "Incompatible With Secondary Licenses" Notice
+ ---------------------------------------------------------
+ .
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..86f84e1
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,2 @@
+[buildpackage]
+debian-branch = master
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..cef83a3
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] templates
diff --git a/debian/po/ca.po b/debian/po/ca.po
new file mode 100644
index 0000000..4470118
--- /dev/null
+++ b/debian/po/ca.po
@@ -0,0 +1,143 @@
+# Catalan translation of ca-certificates debconf templates.
+# Copyright (c) 2004, 2010, 2011 Software in the Public Interest, Inc.
+# This file is distributed under the same license as the ca-certificates package.
+# Josep Monés i Teixidor <jmones@puntbarra.com>, 2004.
+# Jordi Mallach <jordi@debian.org>, 2010, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20090814+nmu2\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-13 12:47+0200\n"
+"Last-Translator: Jordi Mallach <jordi@debian.org>\n"
+"Language-Team: Catalan <debian-l10n-catalan@lists.debian.org>\n"
+"Language: ca\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Configuració de ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "sí"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "no"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "demana"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr ""
+"Voleu confiar en els nous certificats de les autoritats certificadores?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Aquest paquet pot instal·lar nous certificats de les CA (Entitats "
+"Certificadores) en el moment d'actualitzar-lo. Podeu escollir comprovar "
+"aquests nous certificats de les CA i seleccionar-ne només els certificats en "
+"què confieu."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+"- 'sí', es confiarà i s'instal·laran els nous certificats de les CA.\n"
+"- 'no', no s'instal·laran, per defecte, els nous certificats de les CA.\n"
+"- 'demana', se us demanarà si confieu o no en cada nou certificat de les CA."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Certificats nous a activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Durant l'actualització s'afegiran certificats nous. Seleccioneu aquells en "
+"què confieu."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certificats a activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Aquest paquet instaŀla certificats comuns de les CA (autoritats "
+"certificadores) en /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Seleccioneu les autoritats certificadores en què confieu per a que "
+"s'instaŀlen els seus certificats a /etc/ssl/certs. Aquests es compilaran en "
+"un sol fitxer /etc/ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "sí, no, demana"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
+
+#~ msgid "Select new certificates to activate:"
+#~ msgstr "Seleccioneu quins certificats nous voleu activar:"
+
+#~ msgid ""
+#~ "This package installs common CA (Certificate Authority) certificates in /"
+#~ "usr/share/ca-certificates. You can select certs from these available "
+#~ "certs to be installed into /etc/ssl/certs. This package will make "
+#~ "symlinks and generate a single file of all your selected certs, /etc/ssl/"
+#~ "certs/ca-certificates.crt."
+#~ msgstr ""
+#~ "Aquest paquet instal·la certificats de les CA (Entitats Certificadores) "
+#~ "d'ús comú a /usr/share/ca-certificates. D'aquests certificats en podeu "
+#~ "seleccionar els que desitgeu instal·lar a /etc/ssl/certs. Aquest paquet "
+#~ "farà enllaços simbòlics i generarà un sol fitxer per a tots els "
+#~ "certificats que seleccioneu, /etc/ssl/certs/ca-certificates.crt."
diff --git a/debian/po/cs.po b/debian/po/cs.po
new file mode 100644
index 0000000..8f7c295
--- /dev/null
+++ b/debian/po/cs.po
@@ -0,0 +1,126 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-09 19:01+0200\n"
+"Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
+"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
+"Language: cs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Nastavení ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "ano"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "ne"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "zeptat se"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Důvěřovat novým certifikátům certifikačních autorit?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Tento balík může při aktualizaci instalovat nové certifikáty certifikačních "
+"autorit (CA). Měli byste tyto nové certifikáty zkontrolovat a vybrat jen ty, "
+"kterým důvěřujete."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - ano: důvěřujete novým certifikátům a budou nainstalovány.\n"
+" - ne: nové certifikáty nebudou implicitně instalovány.\n"
+" - zeptat se: zeptá se na každý nový certifikát individuálně."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nové certifikáty, které se mají aktivovat:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Během aktualizace budou přidány nové certifikáty. Vyberte prosím ty, kterým "
+"důvěřujete."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certifikáty, které se mají aktivovat:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Tento balík instaluje běžné certifikáty certifikačních autorit (CA) do /usr/"
+"share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Vyberte prosím certifikační autority, kterým věříte a jejichž certifikáty se "
+"mají nainstalovat do /etc/ssl/certs. Vybrané certifikáty budou sloučeny do "
+"jediného souboru /etc/ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "ano, ne, zeptat se"
diff --git a/debian/po/da.po b/debian/po/da.po
new file mode 100644
index 0000000..a808e9b
--- /dev/null
+++ b/debian/po/da.po
@@ -0,0 +1,119 @@
+# Danish translation ca-certificates.
+# Copyright (C) 2011 ca-certificates & nedenstående oversættere.
+# This file is distributed under the same license as the ca-certificates package.
+# Claus Hindsgaul <claus.hindsgaul@gmail.com>, 2004, 2006.
+# Joe Hansen <joedalton2@yahoo.dk>, 2010, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates_20031007_templates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-09 19:21+0100\n"
+"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
+"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "konfiguration af ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "ja"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "nej"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "spørg"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Stol på nye certifikater fra certifikatautoriteter?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Denne pakke kan installere nye CA-certifikater (Certificate Authority), "
+"under opgraderinger. Måske vil du gerne tjekke sådanne nye CA-certifikater "
+"og kun vælge de certifikater, du stoler på."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - ja: Nye CA-certifikater vil blive installeret og stolet på.\n"
+" - nej: Nye CA-certifikater vil som udgangspunkt ikke blive installeret.\n"
+" - spørg: Spørger om du vil stole på hvert enkelt nyt CA-certifikat eller ej."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nye certifikater at aktivere:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Under opgraderinger vil nye certifikater blive tilføjet. Vælg venligt dem du "
+"stoler på."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certifikater at aktivere:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Denne pakke installerer udbredte CA-certifikater (Certificate Authority) i /"
+"usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Vælg venligst de certifikatautoriteter du stoler på, så deres certifikater "
+"installeres i /etc/ssl/certs. De vil blive kompileret til en enkelt fil /etc/"
+"ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "ja, nej, spørg"
diff --git a/debian/po/de.po b/debian/po/de.po
new file mode 100644
index 0000000..8e81eec
--- /dev/null
+++ b/debian/po/de.po
@@ -0,0 +1,144 @@
+# German translation of ca-certificates templates
+# Erik Schanze <eriks@debian.org>, 2004-2006.
+# Helge Kreutzmann <debian@helgefjell.de>, 2007, 2011.
+# This file is distributed under the same license as the ca-certificates package.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20110502\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-07-15 21:45+0200\n"
+"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n"
+"Language-Team: German <debian-l10n-german@lists.debian.org>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "ca-certificates-Konfiguration"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "Ja"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "Nein"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "Fragen"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Neuen Zertifikaten von Zertifizierungsstellen vertrauen?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Dieses Paket kann neue Zertifikate von CAs (Zertifizierungsstellen) "
+"installieren, wenn ein Upgrade durchgeführt wird. Sie sollten solche neuen "
+"CA-Zertifikate vielleicht prüfen und nur Zertifikate auswählen, denen Sie "
+"vertrauen."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - Ja : neuen CA-Zertifikaten wird vertraut und sie werden installiert;\n"
+" - Nein : neue CA-Zertifikate werden standardmäßig nicht installiert;\n"
+" - Fragen: fragt bei jedem neuen CA-Zertifikat nach."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Zu aktivierende neue Zertifikate:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Während Upgrades werden neue Zertifikate hinzugefügt. Bitte wählen Sie "
+"diejenigen aus, denen Sie vertrauen."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Zu aktivierende Zertifikate:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Dieses Paket installiert gebräuchliche Zertifikate von CAs "
+"(Zertifizierungsstellen) unter /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Bitte wählen Sie die Zertifizierungsstellen aus, denen Sie vertrauen, damit "
+"deren Zertifikate in /etc/ssl/certs installiert werden. Sie werden in eine "
+"einzige Datei /etc/ssl/certs/ca-certificates.crt zusammengestellt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "Ja, Nein, Fragen"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
+
+#~ msgid "Select new certificates to activate:"
+#~ msgstr "Neue Zertifikate zum Aktivieren auswählen:"
+
+#~ msgid ""
+#~ "This package installs common CA (Certificate Authority) certificates in /"
+#~ "usr/share/ca-certificates. You can select certs from these available "
+#~ "certs to be installed into /etc/ssl/certs. This package will make "
+#~ "symlinks and generate a single file of all your selected certs, /etc/ssl/"
+#~ "certs/ca-certificates.crt."
+#~ msgstr ""
+#~ "Dieses Paket installiert Zertifikate allgemeiner CAs "
+#~ "(Zertifizierungsstellen) ins Verzeichnis /usr/share/ca-certificates. Sie "
+#~ "können Zertifikate aus dieser Liste auswählen, die ins Verzeichnis /etc/"
+#~ "ssl/certs installiert werden. Dieses Paket erstellt symbolische Verweise "
+#~ "und erzeugt die Datei /etc/ssl/certs/ca-certificates.crt mit allen "
+#~ "ausgewählten Zertifikaten."
diff --git a/debian/po/es.po b/debian/po/es.po
new file mode 100644
index 0000000..da44903
--- /dev/null
+++ b/debian/po/es.po
@@ -0,0 +1,168 @@
+# ca-certificates po-debconf translation to Spanish
+# Copyright (C) 2005-2007 Software in the Public Interest
+# This file is distributed under the same license as the ca-certificates package.
+#
+# Changes:
+# - Initial translation
+# César Gómez Martín <cesar.gomez@gmail.com>
+# - Update
+# Javier Fernández-Sanguino <jfs@debian.org>, 2006-2011
+#
+# Traductores, si no conoce el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Equipo de traducción al español, por favor, lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/
+# especialmente las notas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guía de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-09-21 23:37+0200\n"
+"Last-Translator: Javier Fernández-Sanguino <jfs@debian.org>\n"
+"Language-Team: Debian l10n spanish <debian-l10n-spanish@lists.debian.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Spanish\n"
+"X-Poedit-Country: SPAIN\n"
+"X-Poedit-SourceCharset: utf-8\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Configuración de ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "sí"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "no"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "preguntar"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr ""
+"¿Desea confiar en los nuevos certificados de las autoridades de "
+"certificación?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Este paquete puede que instale nuevos certificados de CA (Autoridad "
+"Certificadora) al actualizarse. Quizás quiera comprobar esos nuevos "
+"certificados CA y seleccionar sólo los certificados en los que confíe."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - sí: se confiará en los nuevos certificados de CA y se instalarán.\n"
+" - no: los nuevos certificados de CA no se instalarán por omisión.\n"
+" - preguntar: se hará la pregunta para cada nuevo certificado de CA."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nuevos certificados a activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Se añadirán estos certificados durante la actualización. Escoja de la lista "
+"aquellos en los que confía."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certificados a activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Este paquete instala certificados comunes de CA (Autoridad Certificadora) "
+"en /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Escoja las autoridades de certificación en las que confía para instalarlas "
+"en «/etc/ssl/certs». Se incluirán todas en un único archivo «/etc/ssl/certs/"
+"ca-certificates.crt»."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "sí, no, preguntar"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
+
+#~ msgid "Select new certificates to activate:"
+#~ msgstr "Seleccione los nuevos certificados que quiere activar:"
+
+#~ msgid ""
+#~ "This package installs common CA (Certificate Authority) certificates in /"
+#~ "usr/share/ca-certificates. You can select certs from these available "
+#~ "certs to be installed into /etc/ssl/certs. This package will make "
+#~ "symlinks and generate a single file of all your selected certs, /etc/ssl/"
+#~ "certs/ca-certificates.crt."
+#~ msgstr ""
+#~ "Este paquete instala certificados de CA («Certificate Authority», o "
+#~ "Autoridad Certificadora) comunes en /usr/share/ca-certificates. Puede "
+#~ "seleccionar certificados de entre los que estan disponibles para "
+#~ "instalarlos en /etc/ssl/certs. Este paquete hará enlaces simbólicos y con "
+#~ "cada uno de los certificados seleccionados generará un único fichero cuya "
+#~ "ruta es /etc/ssl/certs/ca-certificates.crt."
diff --git a/debian/po/eu.po b/debian/po/eu.po
new file mode 100644
index 0000000..02fc1e8
--- /dev/null
+++ b/debian/po/eu.po
@@ -0,0 +1,125 @@
+# translation of eu.po to Euskara
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Piarres Beobide <pi@beobide.net>, 2007.
+msgid ""
+msgstr ""
+"Project-Id-Version: eu\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2007-07-27 11:55+0200\n"
+"Last-Translator: Piarres Beobide <pi@beobide.net>\n"
+"Language-Team: Euskara <Librezale@librezale.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "bai"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "ez"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "galdetu"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Ziurtagiri autoritateen ziurtagiri berrietaz fidatu?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Pakete honek ZA (Ziurtagiri Autoritate) berri ziurtagiriak instala ditzake "
+"bertsio berritzean. Agian ZA ziurtagiri hauek arakatu eta fidatzen zarenetaz "
+"bakarrik hautatu ditzakezu."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - bai: ZA berrietako ziurtagiriak instalatu eta fidagarriak dira;\n"
+" - ez: lehenespen bezala ZA berrietako ziurtagiriak ez dira instalatuko\n"
+" - galdetu: ZA berrietako ziuratgiri bakoitzean galdetu."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Gaitzeko ziurtagiri berriak:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Bertsio berritzeetan, ziurtagiri berriak gehituko dira, Mesedez hautatu "
+"zeinetaz fidatzen zaren."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Gaitzeko Ziurtagiriak:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Pakete honek ZA (Ziurtagiri Autoritate) arrunt ziurtagiriak /usr/share/ca-"
+"certificates direktorioan gordeko ditu,"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Mesedez hautatu fidagarri zaizkizun ziurtagiri autoritateak /etc/ssl/certs-"
+"en instala daitezen. /etc/ssl/certs/ca-certificates fitxategi soilean "
+"konpilatuko dira."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "bai, ez, galdetu"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
diff --git a/debian/po/fi.po b/debian/po/fi.po
new file mode 100644
index 0000000..ed02faf
--- /dev/null
+++ b/debian/po/fi.po
@@ -0,0 +1,137 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2007-11-01 11:21+0200\n"
+"Last-Translator: Esko Arajärvi <edu@iki.fi>\n"
+"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n"
+"Language: fi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Finnish\n"
+"X-Poedit-Country: FINLAND\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "kyllä"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "ei"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "kysy"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Luotetaanko varmentajien uusiin varmenteisiin?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Tämä paketti saattaa asentaa uusia CA-varmenteita (Certificate Authority, "
+"varmentaja) päivitettäessä. Saatat haluta tarkistaa tällaiset uudet CA-"
+"varmenteet ja valita vain ne varmenteet, joihin luotat."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - kyllä: uusiin CA-varmenteisiin luotetaan ja ne asennetaan\n"
+" - ei: uusia CA-varmenteita ei oletuksena asenneta\n"
+" - kysy: kunkin uuden CA-varmenteen kohdalla kysytään erikseen"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Uudet aktivoitavat varmenteet:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Päivitysten yhteydessä lisätään uusia varmenteita. Valitse ne, joihin luotat."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Aktivoitavat varmenteet:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Tämä paketti asentaa yleisiä CA-varmenteita (Certificate Authority, "
+"varmentaja) hakemistoon /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Valitse varmentajat, joihin luotat. Heidän varmenteensa asennetaan "
+"hakemistoon /etc/ssl/certs. Ne kootaan yhteen tiedostoon /etc/ssl/certs/ca-"
+"certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "kyllä, ei, kysy"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
+
+#~ msgid "Select new certificates to activate:"
+#~ msgstr "Valitse uudet aktivoitavat varmenteet:"
+
+#~ msgid ""
+#~ "This package installs common CA (Certificate Authority) certificates in /"
+#~ "usr/share/ca-certificates. You can select certs from these available "
+#~ "certs to be installed into /etc/ssl/certs. This package will make "
+#~ "symlinks and generate a single file of all your selected certs, /etc/ssl/"
+#~ "certs/ca-certificates.crt."
+#~ msgstr ""
+#~ "Tämä paketti asentaa yleisiä CA-varmenteita (Certificate Authority) "
+#~ "hakemistoon /usr/share/ca-certificates. Voit valita mitkä näistä "
+#~ "saatavilla olevista varmenteista asennetaan hakemistoon /etc/ssl/certs. "
+#~ "Tämä paketti tekee valitsemistasi varmenteista symboliset linkit ja luo "
+#~ "yhden tiedoston /etc/ssl/certs/ca-certificates.crt, jossa ovat kaikki "
+#~ "valitsemasi varmenteet."
diff --git a/debian/po/fr.po b/debian/po/fr.po
new file mode 100644
index 0000000..3a61825
--- /dev/null
+++ b/debian/po/fr.po
@@ -0,0 +1,128 @@
+# Translation of ca-certificates debconf templates to French
+# Copyright (C) 2006, 2007 Debian French l10n team <debian-l10n-french@lists.debian.org>
+# This file is distributed under the same license as the gdebi package.
+#
+# This file is licensed under the same license as the ca-certificates package
+# Christian Perrier <bubulle@debian.org>, 2006, 2007, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-07-16 21:04+0200\n"
+"Last-Translator: Christian Perrier <bubulle@debian.org>\n"
+"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Configuration de ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "Oui"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "Non"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "Demander"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Faut-il accepter les nouveaux certificats de tiers de confiance ?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Ce paquet peut installer des certificats de nouveaux tiers de confiance "
+"(« Certificate Authority ») lors de ses mises à jour. Vous pouvez souhaiter "
+"vérifier ces nouveaux certificats et ne choisir que ceux que vous acceptez."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - Oui  : les nouveaux certificats seront acceptés et installés ;\n"
+" - Non  : les nouveaux certificats ne seront pas installés par défaut ;\n"
+" - Demander : l'agrément de chacun des nouveaux certificats vous sera\n"
+" demandé."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nouveaux certificats à accepter :"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Lors de cette mise à jour, de nouveaux certificats ont été ajoutés. Veuillez "
+"choisir si vous les acceptez."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certificats à accepter :"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Ce paquet peut installer des certificats de nouveaux tiers de confiance "
+"(« Certificate Authority ») dans /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Veuillez choisir les tiers de confiance que vous agréez afin que leurs "
+"certificats soient installés dans /etc/ssl/certs. Ils seront rassemblés dans "
+"un seul fichier nommé /etc/ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "Oui, Non, Demander"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
diff --git a/debian/po/gl.po b/debian/po/gl.po
new file mode 100644
index 0000000..c32961d
--- /dev/null
+++ b/debian/po/gl.po
@@ -0,0 +1,129 @@
+# Galician translation of ca-certificates's debconf templates
+# This file is distributed under the same license as the ca-certificates package.
+#
+# Jacobo Tarrio <jtarrio@debian.org>, 2007.
+# Jorge Barreiro <yortx.barry@gmail.com>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-02 14:02+0200\n"
+"Last-Translator: Jorge Barreiro <yortx.barry@gmail.com>\n"
+"Language-Team: Galician <proxecto@trasno.net>\n"
+"Language: gl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.0\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Configuración dos certificados das entidades de acreditación (EA)"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "si"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "non"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "preguntar"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Confiar nos novos certificados das entidades de acreditación?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Este paquete pode instalar novos certificados de entidades de acreditación "
+"(EA) ao actualizar. Pode querer comprobar eses novos certificados e escoller "
+"só nos que confíe."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - si : hase confiar e instalar os novos certificados de entidades de "
+"acreditación.\n"
+" - non : non se han instalar por defecto os novos certificados de "
+"entidades de acreditación.\n"
+" - preguntar: preguntar por cada novo certificado dunha entidade de "
+"acreditación."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Novos certificados a activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Durante as anovacións engadiranse novos certificados. Indique os "
+"certificados nos que confía."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certificados a activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Este paquete instala certificados de entidades de acreditación comúns en /"
+"usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Escolla as entidades de acreditación nas que confía para instalar os seus "
+"certificados en /etc/ssl/certs. Hanse reunir todos nun só ficheiro /etc/ssl/"
+"certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "si, non, preguntar"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
diff --git a/debian/po/id.po b/debian/po/id.po
new file mode 100644
index 0000000..f47413e
--- /dev/null
+++ b/debian/po/id.po
@@ -0,0 +1,119 @@
+# Indonesian translation for podebconf ca-certificates template.
+# Copyright (C) 2016 THE ca-certificates COPYRIGHT HOLDER
+# This file is distributed under the same license as the ca-certificates package.
+# Translator:
+# Izharul Haq <atoz.chevara@yahoo.com>, 2016.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20160104\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2016-08-22 18:31+0700\n"
+"Last-Translator: Izharul Haq <atoz.chevara@yahoo.com>\n"
+"Language-Team: L10N Debian Indonesian <debian-l10n-indonesian@lists.debian."
+"org>\n"
+"Language: id\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "pengaturan ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "ya"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "tidak"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "tanyakan"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Mempercayai sertifikat baru dari otoritas sertifikat?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Paket ini dapat memasang sertifikat CA baru (Otoritas Sertifikat) ketika "
+"melakukan pembaharuan. Anda mungkin ingin memeriksa sertifikat CA baru "
+"tersebut dan memilih hanya sertifikat yang anda percaya."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - ya: setiap sertifikat CA baru selalu dipercaya dan dipasangkan;\n"
+" - tidak : setiap sertifikat CA baru tidak akan dipasang sebagai standar;\n"
+" - tanyakan: konfirmasikan untuk setiap sertifikat CA baru."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Sertifikat baru untuk diaktifkan:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Selama pembaharuan, sertifikat baru akan ditambahkan. Silakan memilih yang "
+"anda percaya."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Sertifikat untuk diaktifkan:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Paket ini umumnya memasang sertifikat CA (Otoritas Sertifikat) di /usr/share/"
+"ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Silahkan pilih otoritas sertifikat yang anda percaya sehingga sertifikat "
+"akan dipasang ke dalam /etc/ssl/certs. Mereka akan dikompilasi menjadi satu "
+"berkas /etc/ssl/certs/ca-certificates.crt."
diff --git a/debian/po/it.po b/debian/po/it.po
new file mode 100644
index 0000000..5730e7a
--- /dev/null
+++ b/debian/po/it.po
@@ -0,0 +1,123 @@
+# Italian (it) translation of debconf templates for ca-certificates
+# This file is distributed under the same license as the ca-certificates package.
+# Luca Monducci <luca.mo@tiscali.it>, 2007-2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20110502 italian debconf templates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-11 18:50+0200\n"
+"Last-Translator: Luca Monducci <luca.mo@tiscali.it>\n"
+"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Configurazione di ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "sì"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "no"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "chiedi"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Fiducia ai certificati delle nuove autorità di certificazione?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"L'aggiornamento di questo pacchetto potrebbe installare certificati di nuove "
+"CA (Autorità di Certificazione). Si potrebbe voler esaminare i certificati "
+"delle nuove CA e scegliere solo quelli fidati."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - sì : i certificati delle nuove CA sono fidati e installati;\n"
+" - no : i certificati delle nuove CA non vengono installati;\n"
+" - chiedi: per ogni certificato delle nuove CA viene chiesto cosa fare."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nuovi certificati da attivare:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Con l'aggiornamento, vengono aggiunti dei nuovi certificati. Selezionare "
+"quelli fidati."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certificati da attivare:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Questo pacchetto installa i certificati di note CA (Autorità di "
+"Certificazione) in /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Selezionare le autorità di certificazione fidate così da installare i "
+"relativi certificati in /etc/ssl/certs. Questi vengono compilati in un unico "
+"file /etc/ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "sì, no, chiedi"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
diff --git a/debian/po/ja.po b/debian/po/ja.po
new file mode 100644
index 0000000..d3f1487
--- /dev/null
+++ b/debian/po/ja.po
@@ -0,0 +1,125 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-09 22:57+0900\n"
+"Last-Translator: Kenshi Muto <kmuto@debian.org>\n"
+"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
+"Language: ja\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "ca-certificates の設定"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "はい"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "いいえ"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "質問する"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "証明機関からの新しい証明書を信用しますか?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"このパッケージは、更新時に新しい CA (証明機関) をインストールできます。そのよ"
+"うな新しい CA 証明書を確認して、信用する証明書だけを選択できます。"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - `はい: 新しい CA 証明書を信用し、インストールします。\n"
+" - `いいえ': 新しい CA 証明書をデフォルトではインストールしません。\n"
+" - `質問する': 新しい CA 証明書についてそれぞれ尋ねます。"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "活性化する新しい証明書:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"この更新では、新しい証明書が追加されています。これらの証明書を信用するかどう"
+"か選んでください。"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "活性化する証明書:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"このパッケージは、共通の CA (証明機関) 証明書を /usr/share/ca-certificates に"
+"インストールします。"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"/etc/ssl/certs にインストールされる、信用する証明機関の証明書を選択してくださ"
+"い。これらは、単一のファイル /etc/ssl/certs/ca-certificates.crt にコンパイル"
+"されます。"
+
+#~ msgid "yes, no, ask"
+#~ msgstr "はい, いいえ, 質問する"
diff --git a/debian/po/nl.po b/debian/po/nl.po
new file mode 100644
index 0000000..9332a1a
--- /dev/null
+++ b/debian/po/nl.po
@@ -0,0 +1,121 @@
+# Dutch translation of ca-certificates debconf templates.
+# Copyright (C) 2011 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the ca-certificates package.
+# Frans Pop <aragorn@tiscali.nl>, 2004, 2006.
+# Frans Pop <elendil@planet.nl>, 2007.
+# Jeroen Schot <schot@a-eskwadraat.nl>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20110502+nmu1\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-10 09:58+0200\n"
+"Last-Translator: Jeroen Schot <schot@a-eskwadraat.nl>\n"
+"Language-Team: Debian l10n Dutch <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "ca-certificates configuratie"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "ja"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "nee"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "selectie"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Nieuwe certificaten van certificaatautoriteiten vertrouwen?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Het is mogelijk dat dit pakket nieuwe CA (certificaatautoriteit) "
+"certificaten installeert tijdens een opwaardering naar een nieuwe versie. "
+"Mogelijk wilt u dergelijke nieuwe certificaten controleren en alleen "
+"certificaten selecteren van autoriteiten die u vertrouwt."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - ja: nieuwe CA certificaten vertrouwen en installeren;\n"
+" - nee: nieuwe CA certificaten niet standaard installeren;\n"
+" - selectie: CA certificaten handmatig selecteren."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Te activeren nieuwe certificaten:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Bij deze opwaardering worden nieuwe certificaten toegevoegd. Selecteer de "
+"certificaten die u vertrouwt."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Te activeren certificaten:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Gangbare CA (certificaatautoriteit) certificaten worden door dit pakket "
+"geïnstalleerd in '/usr/share/ca-certificates'."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Selecteer de certificaatautoriteiten die u vertrouwt. Hun certificaten "
+"zullen worden opgenomen in '/etc/ssl/certs' en worden gebundeld in het "
+"bestand '/etc/ssl/certs/ca-certificates.crt'."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "ja, nee, selectie"
diff --git a/debian/po/pl.po b/debian/po/pl.po
new file mode 100644
index 0000000..eab25a8
--- /dev/null
+++ b/debian/po/pl.po
@@ -0,0 +1,119 @@
+# Translation of ca-certificates debconf templates to Polish.
+# Copyright (C) 2011
+# This file is distributed under the same license as the ca-certificates package.
+#
+# Michał Kułach <michal.kulach@gmail.com>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2012-02-14 01:22+0100\n"
+"Last-Translator: Michał Kułach <michal.kulach@gmail.com>\n"
+"Language-Team: Polish <debian-l10n-polish@lists.debian.org>\n"
+"Language: pl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+"|| n%100>=20) ? 1 : 2);\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Konfiguracja ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "tak"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "nie"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "pytaj"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Ufać nowym certyfikatom urzędów certyfikacji?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Pakiet może instalować nowe certyfikaty urzędów certyfikacji (ang. "
+"Certificate Authority - CA) podczas aktualizacji. Można zechcieć sprawdzać "
+"nowe certyfikaty i wybierać tylko zaufane."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - tak: nowe certyfikaty CA będą zaufane i instalowane;\n"
+" - nie: nowe certyfikaty CA nie będą domyślnie instalowane;\n"
+" - pytaj: pytaj o każdy nowy certyfikat CA."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nowe certyfikaty do aktywowania:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Podczas aktualizacji dodano nowe certyfikaty. Proszę wybrać te, którym się "
+"ufa."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certyfikaty do aktywowania:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Pakiet instaluje wspólne certyfikaty urzędów certyfikacji (ang. Certificate "
+"Authority) w /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Proszę wybrać zaufane urzędy certyfikacji, których certyfikaty są instalowane "
+"w /etc/ssl/certs. Zostaną one skompilowane do jednego pliku "
+"/etc/ssl/certs/ca-certificates.crt."
+
diff --git a/debian/po/pt.po b/debian/po/pt.po
new file mode 100644
index 0000000..2034bac
--- /dev/null
+++ b/debian/po/pt.po
@@ -0,0 +1,141 @@
+# Portuguese translation for the ca-certificates debconf messages.
+# Copyright (C) 2007 Carlos Lisboa <carloslisboa@gmail.com>
+# This file is distributed under the same license as the ca-certificates package.
+# Carlos Lisboa <carloslisboa@gmail.com>, 2007.
+# Miguel Figueiredo <elmig@debianpt.org>, 2007-2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-12 21:04+0100\n"
+"Last-Translator: Miguel Figueiredo <elmig@debianpt.org>\n"
+"Language-Team: Portuguese <traduz@debianpt.org>\n"
+"Language: pt\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "configuração de ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "sim"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "não"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "perguntar"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Confiar nos novos certificados das autoridades de certificados?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Este pacote poderá instalar novos certificados CA (Certificate Authority) "
+"quando for actualizado. Poderá querer verificar esses novos certificados e "
+"escolher apenas os certificados em que confia."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - sim : novos certificados CA serão confiados e instalados;\n"
+" - não : novos certificados CA não serão instalados por omissão;\n"
+" - perguntar: perguntar para cada novo certificado CA."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Novos certificados para activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Durante a actualização, serão adicionados novos certificados. Por favor "
+"escolha os que confia."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certificados para activar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Este pacote instala certificados CA (Certificate Authority) comuns em /usr/"
+"share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Por favor escolha as autoridades de certificados em que confia para que os "
+"seus certificados sejam instalados em /etc/ssl/certs. Serão compilados num "
+"único ficheiro /etc/ssl/cets/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "sim, não, perguntar"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
+
+#~ msgid "Select new certificates to activate:"
+#~ msgstr "Seleccione novos certificados para activar:"
+
+#~ msgid ""
+#~ "This package installs common CA (Certificate Authority) certificates in /"
+#~ "usr/share/ca-certificates. You can select certs from these available "
+#~ "certs to be installed into /etc/ssl/certs. This package will make "
+#~ "symlinks and generate a single file of all your selected certs, /etc/ssl/"
+#~ "certs/ca-certificates.crt."
+#~ msgstr ""
+#~ "Este pacote contém certificados comuns CA (Certificate Authority) em /usr/"
+#~ "share/ca-certificates. Pode seleccionar os certificados dos disponíveis "
+#~ "que devem ser instalados em /etc/ssl/certs. Este pacote irá criar atalhos "
+#~ "simbólicos e gerará um ficheiro único com todos os certificados "
+#~ "seleccionados, /etc/ssl/certs/ca-certificates.crt."
diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po
new file mode 100644
index 0000000..0b3e095
--- /dev/null
+++ b/debian/po/pt_BR.po
@@ -0,0 +1,144 @@
+# Debconf translations for ca-certificates.
+# Copyright (C) 2011 THE ca-certificates'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the ca-certificates package.
+# André Luís Lopes <andrelop@debian.org>, 2006.
+# Adriano Rafael Gomes <adrianorg@gmail.com>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20090814+nmu2\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-10-09 13:22-0300\n"
+"Last-Translator: Adriano Rafael Gomes <adrianorg@gmail.com>\n"
+"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian."
+"org>\n"
+"Language: pt_BR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Configuração do ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "sim"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "não"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "perguntar"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Confiar em novos certificados de autoridades certificadoras?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Este pacote pode instalar novos certificados de CAs (Autoridades "
+"Certificadoras) ao atualizar. Você pode querer checar esses novos "
+"certificados de CAs e selecionar somente aqueles certificados nos quais você "
+"confia."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - sim: novos certificados de CAs serão confiáveis e serão instalados;\n"
+" - não: novos certificados de CAs não serão instalados por padrão;\n"
+" - perguntar: pergunta a cada novo certificado de CA."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Novos certificados a serem ativados:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Durante as atualizações, novos certificados serão adicionados. Por favor, "
+"selecione aqueles nos quais você confia."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certificados a serem ativados:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Este pacote instala certificados de CAs (Autoridades Certificadoras) comuns "
+"em /usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Por favor, selecione as autoridades certificadoras que você confia, de modo "
+"que seus certificados sejam instalados em /etc/ssl/certs. Eles serão "
+"compilados em um único arquivo /etc/ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "sim, não, perguntar"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_certs}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_certs}"
+
+#~ msgid "Select new certificates to activate:"
+#~ msgstr "Selecione os novos certificados a serem ativados:"
+
+#~ msgid ""
+#~ "This package installs common CA (Certificate Authority) certificates in /"
+#~ "usr/share/ca-certificates. You can select certs from these available "
+#~ "certs to be installed into /etc/ssl/certs. This package will make "
+#~ "symlinks and generate a single file of all your selected certs, /etc/ssl/"
+#~ "certs/ca-certificates.crt."
+#~ msgstr ""
+#~ "Este pacote instala certificados de CAs (Autoridades Certificadoras) "
+#~ "comuns em /usr/share/ca-certificates. Você pode selecionar certificados "
+#~ "dentre os certificados disponíveis para que os mesmos sejam instalados "
+#~ "em /etc/ssl/certs. Este pacote irá criar ligações simbólicas e gerar um "
+#~ "único arquivo com base em todos os seus certificados escolhidos, com o "
+#~ "nome de /etc/ssl/certs/ca-certificates.crt."
diff --git a/debian/po/ru.po b/debian/po/ru.po
new file mode 100644
index 0000000..34967f2
--- /dev/null
+++ b/debian/po/ru.po
@@ -0,0 +1,129 @@
+# translation of ca-certificates_20061027.2.po to Russian
+#
+# This file is distributed under the same license as the ca-certificates
+# package.
+#
+# Copyright (C) 2003 Ilgiz Kalmetev <translator@ilgiz.pp.ru>
+# Copyright (C) 2007 Mikhail Gusarov <dottedmag@dottedmag.net>
+# Yuri Kozlov <yuray@komyakino.ru>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20110502\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-07-23 09:13+0400\n"
+"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
+"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.0\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Настройка ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "да"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "нет"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "спрашивать"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Доверять новым сертификатам удостоверяющих центров?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"При обновлении этот пакет может установить новые сертификаты удостоверяющих "
+"центров (CA). Вы можете проверить их и выбрать только те, которым доверяете."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - да: доверять новым сертификатам CA и установить их.\n"
+" - нет: по умолчанию не устанавливать новые сертификаты CA.\n"
+" - спрашивать: подтверждать каждый новый сертификат CA."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Новые сертификаты для активации:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Во время обновления будут добавлены новые сертификаты. Выберите те, которым "
+"вы доверяете."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Сертификаты для активации:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Этот пакет устанавливает сертификаты удостоверяющих центров (CA) в каталог /"
+"usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Выберите удостоверяющие центры, которым вы доверяете; их сертификаты будут "
+"установлены в каталог /etc/ssl/certs (скомпонованы в файл /etc/ssl/certs/ca-"
+"certificates.crt)."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "да, нет, спрашивать"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
diff --git a/debian/po/sk.po b/debian/po/sk.po
new file mode 100644
index 0000000..65b129d
--- /dev/null
+++ b/debian/po/sk.po
@@ -0,0 +1,121 @@
+# Slovak translations for ca-certificates package
+# Slovenské preklady pre balík ca-certificates.
+# Copyright (C) 2011 THE ca-certificates'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the ca-certificates package.
+# Automatically generated, 2011.
+# Slavko <linux@slavino.sk>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20110502+nmu1\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-09-18 13:43+0200\n"
+"Last-Translator: Slavko <linux@slavino.sk>\n"
+"Language-Team: Slovak <debian-l10n-slovak@lists.debian.org>\n"
+"Language: sk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Nastavenie ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "áno"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "nie"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "pýtať sa"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Dôverovať novým certifikátom certifikačných autorít?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Tento balík môže pri aktualizácii inštalovať nové certifikáty certifikačných "
+"autorít (CA). Môžete chcieť tieto nové certifikáty CA skontrolovať a zvoliť "
+"len certifikáty, ktorým dôverujete."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - áno : nové certifikáty CA budú dôveryhodné a nainštalované;\n"
+" - nie : nové certifikáty CA nebudú predvolene nainštalované;\n"
+" - pýtať sa: pýtať sa na každý nový certifikát CA."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nové certifikáty, ktoré majú byť aktivované:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Počas aktualizácie boli pridané nové certifikáty. Prosím, vyberte tie, "
+"ktorým dôverujete."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certifikáty, ktoré majú byť aktivované:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Tento balík inštaluje bežné certifikáty certifikačných autorít (CA) do /usr/"
+"share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Prosím, vyberte certifikačné autority, ktorým dôverujete a ktorých "
+"certifikáty budú inštalované do /etc/ssl/certs. Tieto budú zlúčené do "
+"jedného súboru /etc/ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "áno, nie, pýtať sa"
diff --git a/debian/po/sv.po b/debian/po/sv.po
new file mode 100644
index 0000000..e823e1c
--- /dev/null
+++ b/debian/po/sv.po
@@ -0,0 +1,143 @@
+# Translation of ca-certificates debconf template to Swedish
+# Copyright (C) 2011 Martin Bagge <brother@bsnet.se>
+# This file is distributed under the same license as the ca-certificates package.
+#
+# Daniel Nylander <po@danielnylander.se>, 2007
+# Martin Bagge <brother@bsnet.se>, 2011
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20050804\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2011-09-05 23:40+0100\n"
+"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n"
+"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
+"Language: sv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Swedish\n"
+"X-Poedit-Country: Sweden\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "Inställningar för ca-certificates"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "ja"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "nej"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "fråga"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Lita på nya certifikat från certifikatutfärdare?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Detta paket kan installera nya CA-certifikat (Certificate Authority) vid "
+"uppgradering. Du kanske vill kontrollera de nya CA-certifikaten och endast "
+"välja de certifikat som du litar på."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - ja: nya CA-certifikat kommer att litas på och installeras;\n"
+" - nej: nya CA-certifikat kommer inte att installeras som standard;\n"
+" - fråga: fråga för varje nytt CA-certifikat."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Nya certfikat att aktivera:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Under uppgraderingar kommer nya certifikat att läggas till. Välj de som du "
+"litar på."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Certfikat att aktivera:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Detta paket installerar gemensamma CA-certifikat (Certificate Authority) i /"
+"usr/share/ca-certificates."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Välj de certifikatutfärdare som du litar på så att deras certifikat "
+"installeras i /etc/ssl/certs. De kommer att kompileras till en enda fil, /"
+"etc/ssl/certs/ca-certificates.crt."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "ja, nej, fråga"
+
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
+
+#~ msgid "Select new certificates to activate:"
+#~ msgstr "Välj ett nytt certifikat som ska aktiveras:"
+
+#~ msgid ""
+#~ "This package installs common CA (Certificate Authority) certificates in /"
+#~ "usr/share/ca-certificates. You can select certs from these available "
+#~ "certs to be installed into /etc/ssl/certs. This package will make "
+#~ "symlinks and generate a single file of all your selected certs, /etc/ssl/"
+#~ "certs/ca-certificates.crt."
+#~ msgstr ""
+#~ "Detta paket installerar allmänna CA (Certificate Authority)-certifikat i /"
+#~ "usr/share/ca-certificates. Du kan välja certifikat bland dessa "
+#~ "tillgängliga certifikat för att installeras till /etc/ssl/certs. Detta "
+#~ "paket kommer att göra symboliska länkar och generera en enda fil av alla "
+#~ "dina valda certifikat, /etc/ssl/certs/ca-certificates.crt."
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
new file mode 100644
index 0000000..ef0887c
--- /dev/null
+++ b/debian/po/templates.pot
@@ -0,0 +1,103 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr ""
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr ""
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
diff --git a/debian/po/tr.po b/debian/po/tr.po
new file mode 100644
index 0000000..17c92d0
--- /dev/null
+++ b/debian/po/tr.po
@@ -0,0 +1,96 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# Atila KOÇ <akoc@artielektronik.com.tr>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2012-02-21 20:35+0200\n"
+"Last-Translator: Atila KOÇ <akoc@artielektronik.com.tr>\n"
+"Language-Team: Turkish <debian-l10n-turkish@lists.debian.org>\n"
+"Language: tr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr "ca-certificates yapılandırması"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "evet"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "hayır"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "sor"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Sertifika yetkililerinin yeni sertifikalarına güvenilsin mi?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "This package may install new CA (Certificate Authority) certificates when upgrading. You may want to check such new CA certificates and select only certificates that you trust."
+msgstr "Bu paket yükseltme sırasında yeni bir Sertifika Yetkilisi (SY) kurabilir. Olası yeni SY sertifikalarını denetlemek ve yalnızca güvendiğiniz sertifikaları kullanmak isteyebilirsiniz."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" - evet: yeni SY sertifikalarına güvenilecek ve kurulacak;\n"
+" - hayır: öntanımlı olarak yeni SY sertifikaları kurulmayacak;\n"
+" - sor: her yeni SY sertifikası için görüş istenecek."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Etkinleştirilecek yeni sertifikalar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "During upgrades, new certificates will be added. Please choose those you trust."
+msgstr "Yükseltmeler sırasında yeni sertifikalar eklenecektir. Lütfen güvendiklerinizi seçiniz."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Etkinleştirilecek sertifikalar:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "This package installs common CA (Certificate Authority) certificates in /usr/share/ca-certificates."
+msgstr "Bu paket /usr/share/ca-certificates dizinine yaygın SY (Sertifika Yetkilisi) sertifikalarını kurar."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Please select the certificate authorities you trust so that their certificates are installed into /etc/ssl/certs. They will be compiled into a single /etc/ssl/certs/ca-certificates.crt file."
+msgstr "Lütfen güvendiğiniz sertifika yetkililerini seçiniz. Güvendiğiniz yetkililerin sertifikaları /etc/ssl/certs dizinine kurulacak ve aynı zamanda /etc/ssl/certs/ca-certificates.crt dosyasında toplanacaktır."
+
diff --git a/debian/po/vi.po b/debian/po/vi.po
new file mode 100644
index 0000000..6f09216
--- /dev/null
+++ b/debian/po/vi.po
@@ -0,0 +1,127 @@
+# Vietnamese Translation for ca-certificates.
+# Copyright © 2007 Free Software Foundation, Inc.
+# Clytie Siddall <clytie@riverland.net.au>, 2005-2007.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ca-certificates 20070304\n"
+"Report-Msgid-Bugs-To: ca-certificates@packages.debian.org\n"
+"POT-Creation-Date: 2011-10-22 14:41+0200\n"
+"PO-Revision-Date: 2007-07-30 18:25+0930\n"
+"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
+"Language-Team: Vietnamese <vi-bugs@googlegroups.com>\n"
+"Language: vi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: LocFactoryEditor 1.7b1\n"
+
+#. Type: title
+#. Description
+#: ../templates:2001
+msgid "ca-certificates configuration"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "yes"
+msgstr "có"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "no"
+msgstr "không"
+
+#. Type: select
+#. Choices
+#: ../templates:3001
+msgid "ask"
+msgstr "hỏi"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid "Trust new certificates from certificate authorities?"
+msgstr "Tin chứng nhận mới của nhà cầm quyền chứng nhận mới không?"
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+"This package may install new CA (Certificate Authority) certificates when "
+"upgrading. You may want to check such new CA certificates and select only "
+"certificates that you trust."
+msgstr ""
+"Gói này có lẽ sẽ cài đặt chứng nhận CA (nhà cầm quyền chứng nhận) mới khi "
+"nâng cấp. Đề nghị bạn kiểm tra các chứng nhận CA như vậy, chỉ chọn chứng "
+"nhận đã tin cậy."
+
+#. Type: select
+#. Description
+#: ../templates:3002
+msgid ""
+" - yes: new CA certificates will be trusted and installed;\n"
+" - no : new CA certificates will not be installed by default;\n"
+" - ask: prompt for each new CA certificate."
+msgstr ""
+" • có\t \t\ttin và cài đặt chứng nhận CA mới.\n"
+" • không\t\tmặc định là không cài đặt chứng nhận CA mới.\n"
+" • hỏi\t\tnhắc với mỗi chứng nhận CA mới"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "New certificates to activate:"
+msgstr "Các chứng nhận mới cần kích hoạt:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"During upgrades, new certificates will be added. Please choose those you "
+"trust."
+msgstr ""
+"Trong khi nâng cấp, chứng nhận mới sẽ được thêm. Hãy chọn những chứng nhận "
+"bạn tin vậy."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid "Certificates to activate:"
+msgstr "Các chứng nhận cần kích hoạt:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"This package installs common CA (Certificate Authority) certificates in /usr/"
+"share/ca-certificates."
+msgstr ""
+"Gói này sẽ tạo các chứng nhận CA (nhà cầm quyền chứng nhận) vào « /usr/"
+"share/ca-certificates »."
+
+#. Type: multiselect
+#. Description
+#: ../templates:5001
+msgid ""
+"Please select the certificate authorities you trust so that their "
+"certificates are installed into /etc/ssl/certs. They will be compiled into a "
+"single /etc/ssl/certs/ca-certificates.crt file."
+msgstr ""
+"Hãy chọn những nhà cầm quyền chứng nhận bạn tin cậy để cài đặt các chứng "
+"nhận của chúng vào « /etc/ssl/certs ». Chúng sẽ được biên dịch vào một tập "
+"tin « /etc/ssl/certs/ca-certificates.crt » riêng lẻ."
+
+#~ msgid "yes, no, ask"
+#~ msgstr "có, không, hỏi"
+
+# Variable: do not translate/ biến: đừng dịch
+#~ msgid "${new_crts}"
+#~ msgstr "${new_crts}"
+
+# Variable: do not translate/ biến: đừng dịch
+#~ msgid "${enable_crts}"
+#~ msgstr "${enable_crts}"
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..4993f0e
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,25 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@
+
+execute_before_dh_clean:
+ debconf-updatepo
+
+execute_before_dh_install:
+ $(MAKE) install DESTDIR=$(CURDIR)/debian/ca-certificates
+ # udeb handling
+ install -d -m 0755 "$(CURDIR)/debian/ca-certificates-udeb/etc/ssl/certs"
+ (cd mozilla; \
+ $(MAKE) install CERTSDIR="$(CURDIR)/debian/ca-certificates-udeb/etc/ssl/certs")
+ openssl rehash -v "$(CURDIR)/debian/ca-certificates-udeb/etc/ssl/certs"
+
+override_dh_installdebconf:
+ find $(CURDIR)/debian/ca-certificates/usr/share/ca-certificates -type f -name '*.crt' -printf '%P\n' | \
+ LC_ALL=C sort | sed -e '$$! s/$$/, /' | tr -d '\n' > debian/config.initial_certs
+ dh_installdebconf -n -DINITIAL_CERTS=@debian/config.initial_certs
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/debian/templates b/debian/templates
new file mode 100644
index 0000000..4eceb5b
--- /dev/null
+++ b/debian/templates
@@ -0,0 +1,43 @@
+# These templates have been reviewed by the debian-l10n-english
+# team
+#
+# If modifications/additions/rewording are needed, please ask
+# debian-l10n-english@lists.debian.org for advice.
+#
+# Even minor modifications require translation updates and such
+# changes should be coordinated with translators and reviewers.
+
+Template: ca-certificates/title
+Type: title
+_Description: ca-certificates configuration
+
+Template: ca-certificates/trust_new_crts
+Type: select
+__Choices: yes, no, ask
+Default: yes
+_Description: Trust new certificates from certificate authorities?
+ This package may install new CA (Certificate Authority) certificates when
+ upgrading. You may want to check such new CA certificates and select only
+ certificates that you trust.
+ .
+ - yes: new CA certificates will be trusted and installed;
+ - no : new CA certificates will not be installed by default;
+ - ask: prompt for each new CA certificate.
+
+Template: ca-certificates/new_crts
+Type: multiselect
+Choices: ${new_crts}
+_Description: New certificates to activate:
+ During upgrades, new certificates will be added. Please choose
+ those you trust.
+
+Template: ca-certificates/enable_crts
+Type: multiselect
+Choices: ${enable_crts}
+_Description: Certificates to activate:
+ This package installs common CA (Certificate Authority) certificates in
+ /usr/share/ca-certificates.
+ .
+ Please select the certificate authorities you trust so that their
+ certificates are installed into /etc/ssl/certs. They will be compiled
+ into a single /etc/ssl/certs/ca-certificates.crt file.