v0.25.3 release preparation

[cpu]

Description

This branch targets the rel-0.25 branch, which was branched from 22702f5e206604890349983f9c334dbc244d6f18, the last commit on main that's semver compatible with the 0.25.2 release cut from 4730449082b71d0a4f704b9180711e4d03995fc2. It backports the CCADB trust root updates from https://github.com/rustls/webpki-roots/pull/52 to prepare v0.25.3

Proposed Release Notes

New trust anchors:

• CommScope Public Trust RSA Root-01
• CommScope Public Trust RSA Root-02
• CommScope Public Trust ECC Root-01
• CommScope Public Trust ECC Root-02
• TrustAsia Global Root CA G4
• TrustAsia Global Root CA G3

Removed trust anchors:

• Duplicated Autoridad de Certificacion Firmaprofesional CIF A62634068

[cpu]

Why not branch from https://github.com/rustls/webpki-roots/commit/22702f5e206604890349983f9c334dbc244d6f18? Seems a bit more clear in terms of the commit history.

As in start the rel-0.25 branch from 22702f5e206604890349983f9c334dbc244d6f18? In the past when I've made the rel-xxx branches I've always branched from whatever commit was used for the most recent release in that stream, usually the one bumping the Cargo.toml version. It felt like the point releases should always pick up from where the last release left off :thinking:

[djc]

As in start the rel-0.25 branch from 22702f5? In the past when I've made the rel-xxx branches I've always branched from whatever commit was used for the most recent release in that stream, usually the one bumping the Cargo.toml version. It felt like the point releases should always pick up from where the last release left off 🤔

It seems fair game to me to pick a later commit from the main branch that is still compatible with the 0.25.x range. If we make this clear in the PR description (maybe including mentioning the first PR that introduced incompatible changes), I think that would be a cleaner way of maintaining the commit history.

[cpu]

I think that's reasonable for this repo where it's very clear what commit is the delineating point between compatible/incompatible. I will adjust :+1:

[cpu]

• Force pushed an updated rel-0.25 branched from https://github.com/rustls/webpki-roots/commit/22702f5e206604890349983f9c334dbc244d6f18
• Updated PR desc
• Added a Cargo.toml version bump for 0.25.3.

[cpu]

• Pushed a v0.25.3 tag
• Published webpki-roots v0.25.3 at registry crates-io
• Created a GitHub release

I also noticed we were missing tags for 0.25.2, 0.25.1, and 0.25.0. I retroactively pushed all of those tags to GitHub (but haven't created GitHub releases for all of the historic tagged Cargo releases)