Bug 809230 - Missing certificates in app-misc/ca-certificates break dotnet restore
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
URL: https://github.com/NuGet/Announcement...
Reported: 2021-08-20 14:51 UTC by Ivan
Modified: 2021-09-15 19:51 UTC
Description Ivan 2021-08-20 14:51:17 UTC
So I ran into the problem described in the attached URL. dotnet restore simply fails on Gentoo. The problem was encountered once Debian removed obsolete Symantec certificates (Gentoo did that in Bug 668932 if I understand correctly).

But as the attached URL describes, these certificates are obsolete only for establishing TLS connections; for timestamp verification purposes, they can still be used.

Debian later reverted certificate deletion (https://lists.debian.org/debian-lts-announce/2021/03/msg00016.html), but Gentoo did not follow.

After adding VeriSign_Universal_Root_Certification_Authority.crt to /usr/share/ca-certificates/mozilla dotnet restore started working.

Reproducible: Always

Steps to Reproduce:
1. Install .NET 5.0
2. Create a simple hello world project with dotnet new console
3. Run dotnet restore on the project
Actual Results:  
Restore fails, missing certificates cause dotnet not to trust timestamping certificate. 

Expected Results:  
dotnet restore should succeed
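
A check for the workaround mentioned in the description, as an added example that is not part of the original report or of the Gentoo package. It assumes the Debian-style `update-ca-certificates` layout (certificate files under `/usr/share/ca-certificates`, selection in `/etc/ca-certificates.conf`, a leading `!` deselecting an entry); the `cert_status` function and its `root` parameter are hypothetical names used here so the check can run against a test tree.

```shell
#!/bin/sh
# Added example: report how one certificate is treated by the
# ca-certificates layout. Assumption: update-ca-certificates only links
# files from share/ca-certificates that are listed in ca-certificates.conf.

cert_status() {
    root=$1     # filesystem root to inspect ("" for the live system)
    entry=$2    # path relative to share/ca-certificates, e.g. mozilla/X.crt
    file="$root/usr/share/ca-certificates/$entry"
    conf="$root/etc/ca-certificates.conf"

    if [ ! -f "$file" ]; then
        echo missing        # certificate file is not shipped at all
        return 0
    fi
    if [ -f "$conf" ] && grep -Fxq -- "!$entry" "$conf"; then
        echo deselected     # shipped, but explicitly disabled with "!"
        return 0
    fi
    if [ -f "$conf" ] && grep -Fxq -- "$entry" "$conf"; then
        echo enabled        # shipped and selected for the trust store
        return 0
    fi
    echo unlisted           # file exists, but no conf line selects it
}

# Constructed demo tree (not real system state): the file was copied in
# by hand, but no conf entry was added for it.
demo=$(mktemp -d)
entry=mozilla/VeriSign_Universal_Root_Certification_Authority.crt
mkdir -p "$demo/usr/share/ca-certificates/mozilla" "$demo/etc"
: > "$demo/usr/share/ca-certificates/$entry"
printf '%s\n' "# constructed sample conf" > "$demo/etc/ca-certificates.conf"
echo "$entry: $(cert_status "$demo" "$entry")"
rm -rf "$demo"
```

On a live system, call `cert_status "" mozilla/VeriSign_Universal_Root_Certification_Authority.crt` to see which state the certificate is in.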
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2021-09-15 19:51:02 UTC
ca-certificates-20200601~deb9u2 and ca-certificates-20200601~deb10u2 contain those certificates, but they have NOT been added back to the master ca-certificates repo: https://salsa.debian.org/debian/ca-certificates

stretch: present
buster: present
buster-updates: present

bullseye: not present
bookworm: not present
sid: not present

Since the Gentoo package tracks what's in Sid basically, and the certificates are not present in the distfiles used for Sid, it's not in Gentoo.

I think you should take it up with the Debian upstream maintainers, who I presume did NOT add the certificates into bullseye/bookworm/sid releases on purpose.