Your message dated Sun, 06 Apr 2008 10:38:14 +0200 with message-id <87wsnbgyyx.fsf@xoog.err.no> and subject line Re: Bug#230485: apache2/ssl-cert's debconf abuse makes baby jesus cry has caused the Debian Bug report #230485, regarding apache2/ssl-cert's debconf abuse makes baby jesus cry to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 230485: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=230485 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2/ssl-cert's debconf abuse makes baby jesus cry
- From: Joey Hess <joeyh@debian.org>
- Date: Sat, 31 Jan 2004 00:28:06 -0500
- Message-id: <20040131052806.GA12994@kitenet.net>
Package: ssl-cert Severity: normal Read and weep: Configuration file `/etc/init.d/apache2' ==> File on system created by you or by a script. ==> File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : background this process to examine the situation The default action is to keep your current version. *** apache2 (Y/I/N/O/D/Z) [default=N] ? y Installing new version of config file /etc/init.d/apache2 ... Configuring ------------ The two letter code for your Country. (ie GB) (countryName) :-) Country Name US Your state, county or province. (stateOrProvinceName) :-) State or Province Name TN The name of the city or town that you live in. (localityName) :-) Locality Name Bristol The name of the company or organisation the certificate is for. (organisationName) :-! Organisation Name kitenet.net The Division or section of the organisation the certificate is for. (organisationalUnitName) :-) Organisational Unit Name The host name of the server the certificate is for. This must be filled in. (commonName) :-! Host Name localhost The email address that should be associated with the certificate. :-) Email Address webmaster@localhost Generating a 1024 bit RSA private key ................++++++ ...............................++++++ writing new private key to '/etc/apache2/ssl/apache.pem' ----- problems making Certificate Request 15035:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1 dpkg: error processing apache2-common (--configure): subprocess post-installation script returned error exit status 1 Note that: - I have never edited /etc/init.d/apache, to the best of my knowledge. - This stuff is not in a config script, and it should be. - No, I didn't know what the hell I was configuring until it crashed. Something to do with apache? What? You have to due truly stupid things to make debconf do that. - Every single one of the questions has an insufficiently detailed description. And stupid defaults. - None of the short descriptions end in colons, and all should. - Although I kinda guessed it was a SSL cert, this just inclined me to enter random garbage, since I run my OWN CA, and already have my OWN CERT SETUP. - There was insufficient checking done on the input, and no error handling. No, I am not in an organisation, why should I make one up? - There are many ways to guess what country I'm in, and none were used. Note that during a debian install, this would in some cases be the 7th distinct time a user was asked what country he was in. Isn't that a little insane? - If there was a "all debconf usage blocked" blacklist in debconf, I would be adding apache2 to it right now. - It wrote a /etc/apache2/ssl/apache.pem, but did not configure apache to actually use it in place of my previously existing cert. Good thing too, or this bug report would be grave.. -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux dragon 2.4.24 #1 Thu Jan 8 15:48:32 EST 2004 i686 Locale: LANG=en_US, LC_CTYPE=en_US -- see shy joAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: 230485-done@bugs.debian.org
- Subject: Re: Bug#230485: apache2/ssl-cert's debconf abuse makes baby jesus cry
- From: Tollef Fog Heen <tfheen@err.no>
- Date: Sun, 06 Apr 2008 10:38:14 +0200
- Message-id: <87wsnbgyyx.fsf@xoog.err.no>
- Mail-followup-to: debian-apache@lists.debian.org
- In-reply-to: <20040131052806.GA12994@kitenet.net> (Joey Hess's message of "Sat\, 31 Jan 2004 00\:28\:06 -0500")
- References: <20040131052806.GA12994@kitenet.net>
Version: 1.0.15 [...] I believe all your concerns have been addressed in the 1.0.15 upload, so closing this bug. In default installations, you won't see a question from ssl-cert at all any more. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are
--- End Message ---