¿Es seguro permitir que las aplicaciones apt-get instalen certificados raíz?

12

Recientemente instalé Pinta, un programa para el dibujo y la edición de imágenes, y como parte de la instalación, instaló 173 certificados raíz (ver más abajo).

¿Es una práctica normal hacerlo? ¿Para qué necesita estos certificados? Además, ¿cómo saber si estos certificados son seguros?

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.4.0-21 linux-headers-4.4.0-21-generic linux-image-4.4.0-21-generic linux-image-extra-4.4.0-21-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  binfmt-support ca-certificates-mono cli-common gnome-icon-theme libgdiplus libglib2.0-cil libgtk2.0-cil libmono-addins-gui0.2-cil libmono-addins0.2-cil libmono-cairo4.0-cil
  libmono-corlib4.5-cil libmono-i18n-west4.0-cil libmono-i18n4.0-cil libmono-posix4.0-cil libmono-security4.0-cil libmono-sharpzip4.84-cil libmono-system-configuration4.0-cil
  libmono-system-core4.0-cil libmono-system-drawing4.0-cil libmono-system-security4.0-cil libmono-system-xml4.0-cil libmono-system4.0-cil mono-4.0-gac mono-gac mono-runtime
  mono-runtime-common mono-runtime-sgen
Suggested packages:
  monodoc-gtk2.0-manual libmono-i18n4.0-all libgamin0
The following NEW packages will be installed
  binfmt-support ca-certificates-mono cli-common gnome-icon-theme libgdiplus libglib2.0-cil libgtk2.0-cil libmono-addins-gui0.2-cil libmono-addins0.2-cil libmono-cairo4.0-cil
  libmono-corlib4.5-cil libmono-i18n-west4.0-cil libmono-i18n4.0-cil libmono-posix4.0-cil libmono-security4.0-cil libmono-sharpzip4.84-cil libmono-system-configuration4.0-cil
  libmono-system-core4.0-cil libmono-system-drawing4.0-cil libmono-system-security4.0-cil libmono-system-xml4.0-cil libmono-system4.0-cil mono-4.0-gac mono-gac mono-runtime
  mono-runtime-common mono-runtime-sgen pinta
0 to upgrade, 28 to newly install, 0 to remove and 16 not to upgrade.
Need to get 16.1 MB of archives.
After this operation, 40.6 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 binfmt-support amd64 2.1.6-1 [50.7 kB]
Get:2 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-corlib4.5-cil all 4.2.1.102+dfsg2-7ubuntu4 [993 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-system-xml4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [810 kB]
Get:4 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-system-security4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [53.2 kB]
Get:5 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-system-configuration4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [52.4 kB]
Get:6 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-system4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [622 kB]
Get:7 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-security4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [109 kB]
Get:8 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 mono-4.0-gac all 4.2.1.102+dfsg2-7ubuntu4 [20.6 kB]
Get:9 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 mono-gac all 4.2.1.102+dfsg2-7ubuntu4 [16.4 kB]
Get:10 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 mono-runtime-common amd64 4.2.1.102+dfsg2-7ubuntu4 [202 kB]
Get:11 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 mono-runtime-sgen amd64 4.2.1.102+dfsg2-7ubuntu4 [1,230 kB]
Get:12 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 mono-runtime amd64 4.2.1.102+dfsg2-7ubuntu4 [12.3 kB]
Get:13 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 ca-certificates-mono all 4.2.1.102+dfsg2-7ubuntu4 [15.4 kB]
Get:14 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 cli-common all 0.9+nmu1 [171 kB]
Get:15 http://gb.archive.ubuntu.com/ubuntu xenial/universe amd64 gnome-icon-theme all 3.12.0-1ubuntu3 [9,630 kB]
Get:16 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libgdiplus amd64 4.2-1ubuntu1 [139 kB]                                                                                           
Get:17 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libglib2.0-cil amd64 2.12.10-6 [41.7 kB]                                                                                         
Get:18 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-cairo4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [28.6 kB]                                                                      
Get:19 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-system-drawing4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [129 kB]                                                              
Get:20 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libgtk2.0-cil amd64 2.12.10-6 [428 kB]                                                                                           
Get:21 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-sharpzip4.84-cil all 4.2.1.102+dfsg2-7ubuntu4 [58.5 kB]                                                                  
Get:22 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-posix4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [71.1 kB]                                                                      
Get:23 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-system-core4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [239 kB]                                                                 
Get:24 http://gb.archive.ubuntu.com/ubuntu xenial/universe amd64 libmono-addins0.2-cil all 1.0+git20130406.adcd75b-4 [198 kB]                                                                 
Get:25 http://gb.archive.ubuntu.com/ubuntu xenial/universe amd64 libmono-addins-gui0.2-cil all 1.0+git20130406.adcd75b-4 [64.0 kB]                                                            
Get:26 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-i18n4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [20.5 kB]                                                                       
Get:27 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 libmono-i18n-west4.0-cil all 4.2.1.102+dfsg2-7ubuntu4 [23.6 kB]                                                                  
Get:28 http://gb.archive.ubuntu.com/ubuntu xenial/universe amd64 pinta all 1.6-2 [691 kB]                                                                                                     
Fetched 16.1 MB in 13s (1,166 kB/s)                                                                                                                                                           
Selecting previously unselected package binfmt-support.

<snip>

Preparing to unpack .../archives/pinta_1.6-2_all.deb ...
Unpacking pinta (1.6-2) ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for gnome-menus (3.13.3-6ubuntu3.1) ...
Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20160701-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for desktop-file-utils (0.22-1ubuntu5) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Processing triggers for ca-certificates (20160104ubuntu1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...
Setting up binfmt-support (2.1.6-1) ...
update-binfmts: warning: /usr/share/binfmts/cli: no executable /usr/bin/cli found, but continuing anyway as you request
Setting up cli-common (0.9+nmu1) ...
Setting up gnome-icon-theme (3.12.0-1ubuntu3) ...
Setting up libgdiplus (4.2-1ubuntu1) ...
Setting up libmono-security4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up mono-4.0-gac (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up mono-gac (4.2.1.102+dfsg2-7ubuntu4) ...
update-alternatives: using /usr/bin/gacutil to provide /usr/bin/cli-gacutil (global-assembly-cache-tool) in auto mode
Setting up mono-runtime-common (4.2.1.102+dfsg2-7ubuntu4) ...
update-binfmts: warning: /usr/share/binfmts/cli: no executable /usr/bin/cli found, but continuing anyway as you request
Setting up mono-runtime-sgen (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up mono-runtime (4.2.1.102+dfsg2-7ubuntu4) ...
update-alternatives: using /usr/bin/mono to provide /usr/bin/cli (cli) in auto mode
Setting up libmono-corlib4.5-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-system-xml4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up ca-certificates-mono (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-cairo4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-i18n4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-i18n-west4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-system-security4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-system4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libglib2.0-cil (2.12.10-6) ...
* Installing 1 assembly from libglib2.0-cil into Mono
Setting up libmono-system-drawing4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libgtk2.0-cil (2.12.10-6) ...
* Installing 5 assemblies from libgtk2.0-cil into Mono
Setting up libmono-sharpzip4.84-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-posix4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-system-core4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Setting up libmono-addins0.2-cil (1.0+git20130406.adcd75b-4) ...
* Installing 18 assemblies from libmono-addins0.2-cil into Mono
Setting up libmono-addins-gui0.2-cil (1.0+git20130406.adcd75b-4) ...
* Installing 6 assemblies from libmono-addins-gui0.2-cil into Mono
Setting up pinta (1.6-2) ...
Setting up libmono-system-configuration4.0-cil (4.2.1.102+dfsg2-7ubuntu4) ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for ca-certificates (20160104ubuntu1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Updating Mono key store
Linux Cert Store Sync - version 4.2.1.0
Synchronize local certs with certs from local Linux trust store.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

I already trust 0, your new list has 173
Certificate added: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
Certificate added: CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES
Certificate added: C=CO, O=Sociedad Cameral de Certificación Digital - Certicámara S.A., CN=AC Raíz Certicámara S.A.
Certificate added: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
Certificate added: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Certificate added: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
Certificate added: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root
Certificate added: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Commercial
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Networking
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Premium
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
Certificate added: C=JP, O=Japanese Government, OU=ApplicationCA
Certificate added: CN=Atos TrustedRoot 2011, O=Atos, C=DE
Certificate added: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
Certificate added: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Certificate added: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
Certificate added: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
Certificate added: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
Certificate added: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig
Certificate added: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R1
Certificate added: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
Certificate added: C=CN, O=WoSign CA Limited, CN=CA WoSign ECC Root
Certificate added: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
Certificate added: C=CN, O=CNNIC, CN=CNNIC ROOT
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Certificate added: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
Certificate added: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
Certificate added: C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign G2
Certificate added: C=FR, O=Dhimyotis, CN=Certigna
Certificate added: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine
Certificate added: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
Certificate added: C=FR, O=Certplus, CN=Class 2 Primary CA
Certificate added: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
Certificate added: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
Certificate added: C=EU, L=Madrid (see current address at www.camerfirma.com/address), OID.2.5.4.5=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
Certificate added: C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root
Certificate added: CN=ComSign CA, O=ComSign, C=IL
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
Certificate added: O="Cybertrust, Inc", CN=Cybertrust Global Root
Certificate added: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
Certificate added: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
Certificate added: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
Certificate added: O=Digital Signature Trust Co., CN=DST Root CA X3
Certificate added: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
Certificate added: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
Certificate added: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., C=TR
Certificate added: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
Certificate added: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, [email protected]
Certificate added: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
Certificate added: C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
Certificate added: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - EC1
Certificate added: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2009 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G2
Certificate added: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Certificate added: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
Certificate added: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
Certificate added: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
Certificate added: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
Certificate added: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
Certificate added: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
Certificate added: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Certificate added: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
Certificate added: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
Certificate added: C=EU, L=Madrid (see current address at www.camerfirma.com/address), OID.2.5.4.5=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
Certificate added: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority
Certificate added: C=US, S=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2
Certificate added: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
Certificate added: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
Certificate added: C=FR, S=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, [email protected]
Certificate added: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
Certificate added: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
Certificate added: C=ES, O=IZENPE S.A., CN=Izenpe.com
Certificate added: [email protected], C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
Certificate added: C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
Certificate added: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, [email protected]
Certificate added: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
Certificate added: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado
Certificate added: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado
Certificate added: C=HU, S=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
Certificate added: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, [email protected]
Certificate added: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
Certificate added: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
Certificate added: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
Certificate added: [email protected], L=Chacao, S=Miranda, OU=Proveedor de Certificados PROCERT, O=Sistema Nacional de Certificacion Electronica, C=VE, CN=PSCProcert
Certificate added: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
Certificate added: O=RSA Security Inc, OU=RSA Security 2048 V3
Certificate added: C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana
Certificate added: C=DE, S=Baden-Wuerttemberg (BW), L=Stuttgart, O=Deutscher Sparkassen Verlag GmbH, CN=S-TRUST Authentication and Encryption Root CA 2005:PN
Certificate added: C=DE, O=Deutscher Sparkassen Verlag GmbH, OU=S-TRUST Certification Services, CN=S-TRUST Universal Root CA
Certificate added: C=JP, O="Japan Certification Services, Inc.", CN=SecureSign RootCA11
Certificate added: C=US, O=SecureTrust Corporation, CN=SecureTrust CA
Certificate added: C=US, O=SecureTrust Corporation, CN=Secure Global CA
Certificate added: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication EV RootCA1
Certificate added: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2
Certificate added: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
Certificate added: C=FI, O=Sonera, CN=Sonera Class1 CA
Certificate added: C=FI, O=Sonera, CN=Sonera Class2 CA
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
Certificate added: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority
Certificate added: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2
Certificate added: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2
Certificate added: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
Certificate added: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
Certificate added: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
Certificate added: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
Certificate added: C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
Certificate added: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
Certificate added: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
Certificate added: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
Certificate added: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root EV CA 2
Certificate added: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
Certificate added: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
Certificate added: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II
Certificate added: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007
Certificate added: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
Certificate added: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
Certificate added: C=TW, O=Government Root Certification Authority
Certificate added: O=TeliaSonera, CN=TeliaSonera Root CA v1
Certificate added: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
Certificate added: C=TR, L=Gebze - Kocaeli, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
Certificate added: C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
Certificate added: C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
Certificate added: C=US, S=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2007 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G4
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G5
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2008 VeriSign, Inc. - For authorized use only", CN=VeriSign Universal Root Certification Authority
Certificate added: C=US, O="VeriSign, Inc.", OU=Class 1 Public Primary Certification Authority
Certificate added: C=US, O="VeriSign, Inc.", OU=Class 1 Public Primary Certification Authority - G2, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 1 Public Primary Certification Authority - G3
Certificate added: C=US, O="VeriSign, Inc.", OU=Class 2 Public Primary Certification Authority - G2, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 2 Public Primary Certification Authority - G3
Certificate added: C=US, O="VeriSign, Inc.", OU=Class 3 Public Primary Certification Authority
Certificate added: C=US, O="VeriSign, Inc.", OU=Class 3 Public Primary Certification Authority - G2, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G3
Certificate added: C=US, O="VeriSign, Inc.", OU=Class 3 Public Primary Certification Authority
Certificate added: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
Certificate added: C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
Certificate added: C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
Certificate added: C=CN, O=WoSign CA Limited, CN=CA 沃通根证书
Certificate added: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
Certificate added: C=RO, O=certSIGN, OU=certSIGN ROOT CA
Certificate added: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority
Certificate added: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2006 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA
Certificate added: C=US, O="thawte, Inc.", OU="(c) 2007 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G2
Certificate added: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2008 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G3
173 new root certificates were added to your trust store.
Import process completed.
Done
done.
    
pregunta this.lau_ 16.08.2016 - 11:11
fuente

1 respuesta

13

Los mensajes que ve son parte de la instalación de ca-certificates-mono que requiere mono (.NET runtime para Linux) que se requiere para su programa.

¡

ca-certificates-mono en realidad no instala certificados nuevos! Lo que hace es agregar sus certificados existentes al almacén de claves mono. Mono no usa el almacén de certificados del sistema (un grupo de archivos en alguna carpeta como /etc/ssl/certs/ ) pero tiene su propio almacén de certificados binarios. Para permitir que los programas que usan mono para verificar las conexiones TLS, mono necesita los certificados raíz allí. Debido a que la instalación de nuevos certificados seleccionados por desarrolladores mono puede ser un riesgo de seguridad, no envían certificados raíz CA con mono. En su lugar, importan todos los certificados que usted (o el proveedor de su distribución) ya confían en el almacén de confianza mono.

Así que no hay de qué preocuparse. Lo que debe tener en cuenta es que si cambia los certificados en los que confía, también debe actualizar el mono trust store para reflejar los cambios.

En general: Si bien, en este caso, apt-get no instaló los certificados, es muy probable que todos los certificados que tiene se instalen con el paquete ca-certificates . Todos los paquetes instalados con apt-get están firmados por su distribuidor (debian, ubuntu, ...) o alguien en quien confíe explícitamente (si agrega alguna clave con apt-key ). Si no confías en ellos, probablemente no deberías instalar el software provisto por ellos. Si debe confiar en cualquier CA es un pregunta diferente ...

    
respondido por el Josef 16.08.2016 - 11:31
fuente

Lea otras preguntas en las etiquetas