Bug#298689: Bug with Debian Apache2 logrotate script

To: 298689@bugs.debian.org
Subject: Bug#298689: Bug with Debian Apache2 logrotate script
From: "Marcus C. Gottwald" <gottwald@quantum-hydrometrie.de>
Date: Fri, 21 Apr 2006 13:27:13 +0200
Message-id: <[🔎] 20060421112713.GA11702@quantum-hydrometrie.de>
Reply-to: "Marcus C. Gottwald" <gottwald@quantum-hydrometrie.de>, 298689@bugs.debian.org
In-reply-to: <1409.203.54.24.112.1116285792.squirrel@mail.0c3.net>
References: <200505161711.47097.heiko.stuebner@nexst4.de> <1409.203.54.24.112.1116285792.squirrel@mail.0c3.net>

On Tue 2005-May-17 09:23:12 +1000, Adam Conrad wrote:

> Perhaps the more interesting question for you is: Why do you use
> passphrases on your SSL certs?  If they're only readable by root, what
> have you gained with a passphrase?

My reason for using a passphrase protected key (and stumbling
right into the logrotate problem) is that this key is used for a
certificate physically present on several machines -- and the
backups thereof!

I do realize that if "online" access as root is gained, I'm
doomed. However, trying to protect against the situation where
someone gets "offline" access to a copy of the file seems to be
a very valid reason. Just the same reason for which you're
protecting your private PGP key with a passphrase...

Regards,

Marcus

-- 
   Marcus C. Gottwald <gottwald@quantum-hydrometrie.de>
                       Quantum Hydrometrie GmbH, Berlin

Reply to:

Prev by Date: libapr0 postinstall script creates strange symbolic links
Next by Date: Bug#364182: apache2.conf: .tgz cannot be x-tar
Previous by thread: libapr0 postinstall script creates strange symbolic links
Next by thread: Bug#364182: apache2.conf: .tgz cannot be x-tar
Index(es):
- Date
- Thread