Examining the changes, it seems to have updated the
maemo-security-certman package (which builds libmaemosec0, libmaemosec-certman0, maemosec-certman-tools and maemosec-certman-common-ca packages). The previous version was 0.1.6. The new version is 0.2.0 and the changes seem to be:
maemo-security-certman (0.1.7) unstable; urgency=low

* Added '-e' command line switch to cmcli to echo the
key id of installed certificates.
Fixes: NB#154963

maemo-security-certman (0.1.8) unstable; urgency=low

* Backported fix of NB#172389 from Harmattan: cryptoki_module causes
a crash if not all certificates can be fetched from the store.
This can be caused by a broken store or similar causes.
Fixes: MB#10423
* Updated the root certificate set.

maemo-security-certman (0.1.9) unstable; urgency=low

Updated the root certificate set. Removed the compromised
DigiNotar CA and a bunch of expired roots and added the new
roots. Common-ca now matches NSS 3.13 changeset 76201:04a58ba1ce1e
of Aug 31, 2011 from http://hg.mozilla.org/mozilla-central/.
Also backported from Harmattan the handling of several certificates
with the same public key, which is needed for Verisign roots
00d85a4c25c... and f3a27298eeb...

maemo-security-certman (0.2.0) unstable; urgency=low

Added explicit blacklisting of compromised or rogue
certificates following the Mozilla model. A new shared
cert domain "blacklist" now contains all blocker certs from
Mozilla's built-in certdata.txt as in changeset 76451:cf1ba8f0dbf7
Sep 02. See Mozilla bug 683261 for further information.
The downside is that the blacklisted certificates appear
in the settings applet as if they were valid since it shows the
contents of all domains regardless of their type the same way.
This must be fixed in the maemo-security-certificates-applet.

maemo-security-certman is LGPL and the source code for versions up to 0.2.0 (including any new dev packages) is at http://gitorious.org/maemo-5-certifi...curity-certman including all the root CAs and keys

There was also an update to maemo-security-certman-applet (which builds maemosec-certman-applet and libmaemosec-certman-applet0) from version 0.1.2 to version 0.1.4. Changes seem to be:
maemo-security-certman-applet (0.1.3) unstable; urgency=low

* Handle properly certificate names with markup characters in them
Fixes: NB#122916

maemo-security-certman-applet (0.1.4) unstable; urgency=low

Release 0.1.4
Mark blacklisted certificates invalid. Also replaced the faulty
debian/copyright file with proper license info.

This package is unfortunatly "nokia proprietary" licensed. There is a git page here http://maemo.gitorious.org/maemo-af/...certman-applet that just says something about "maemo-security-certman-applet" being gone.

As for the CSSU, they can already pull the 0.2.0 maemo-security-certman into their own maemo-security-certman tree (if they havent already done so), its just the update to maemo-security-certman-applet they are waiting for Nokia on. I suspect that maemo-security-certman-applet will remain closed source but with permission given to the CSSU to distribute the maemosec-certman-applet_0.1.4+0m5_armel.deb and libmaemosec-certman-applet0_0.1.4+0m5_armel.deb packages.

The good thing is that with maemo-security-certman being LGPL and open source, updating it with new root certificate sets in the future is definatly possible.