Because we have to continue shipping the cert .pems anyway, for other platforms, and because OpenSSL has issues with the chaining when reading from ca-certificates.crt, it doesn't seem like trying to get them added to ca-certificates.crt (which seems to have quite a complex process to do), won't affect security at all. And if the cert is changed on the server, validation will fail as-is since the certs would no longer match until we ship an update. Agreed on IRC to just close the bug.