Bug#230485: marked as done (apache2/ssl-cert's debconf abuse makes baby jesus cry)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 06 Apr 2008 10:38:14 +0200
with message-id <87wsnbgyyx.fsf@xoog.err.no>
and subject line Re: Bug#230485: apache2/ssl-cert's debconf abuse makes baby jesus cry
has caused the Debian Bug report #230485,
regarding apache2/ssl-cert's debconf abuse makes baby jesus cry
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
230485: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=230485
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: apache2/ssl-cert's debconf abuse makes baby jesus cry
• From: Joey Hess <joeyh@debian.org>
• Date: Sat, 31 Jan 2004 00:28:06 -0500
• Message-id: <20040131052806.GA12994@kitenet.net>

Package: ssl-cert
Severity: normal

Read and weep:

Configuration file `/etc/init.d/apache2'
 ==> File on system created by you or by a script.
 ==> File also in package provided by package maintainer.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** apache2 (Y/I/N/O/D/Z) [default=N] ? y
Installing new version of config file /etc/init.d/apache2 ...
Configuring 
------------

The two letter code for your Country. (ie GB) (countryName)

:-) Country Name US

Your state, county or province. (stateOrProvinceName)

:-) State or Province Name TN        

The name of the city or town that you live in. (localityName)

:-) Locality Name Bristol      

The name of the company or organisation the certificate is for.
(organisationName)

:-! Organisation Name kitenet.net     

The Division or section of the organisation the certificate is for.
(organisationalUnitName)

:-) Organisational Unit Name                      

The host name of the server the certificate is for. This must be filled in.
(commonName)

:-! Host Name localhost

The email address that should be associated with the certificate.

:-) Email Address webmaster@localhost

Generating a 1024 bit RSA private key
................++++++
...............................++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----
problems making Certificate Request
15035:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
dpkg: error processing apache2-common (--configure):
 subprocess post-installation script returned error exit status 1

Note that: 

 - I have never edited /etc/init.d/apache, to the best of my knowledge.
 - This stuff is not in a config script, and it should be.
 - No, I didn't know what the hell I was configuring until it crashed.
   Something to do with apache? What? You have to due truly stupid
   things to make debconf do that.
 - Every single one of the questions has an insufficiently detailed
   description. And stupid defaults.
 - None of the short descriptions end in colons, and all should.
 - Although I kinda guessed it was a SSL cert, this just inclined me to
   enter random garbage, since I run my OWN CA, and already have my OWN
   CERT SETUP.
 - There was insufficient checking done on the input, and no error handling.
   No, I am not in an organisation, why should I make one up?
 - There are many ways to guess what country I'm in, and none were used.
   Note that during a debian install, this would in some cases be the
   7th distinct time a user was asked what country he was in. Isn't that
   a little insane?
 - If there was a "all debconf usage blocked" blacklist in debconf,
   I would be adding apache2 to it right now.
 - It wrote a /etc/apache2/ssl/apache.pem, but did not configure apache to
   actually use it in place of my previously existing cert. Good thing too,
   or this bug report would be grave..

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux dragon 2.4.24 #1 Thu Jan 8 15:48:32 EST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

• To: 230485-done@bugs.debian.org
• Subject: Re: Bug#230485: apache2/ssl-cert's debconf abuse makes baby jesus cry
• From: Tollef Fog Heen <tfheen@err.no>
• Date: Sun, 06 Apr 2008 10:38:14 +0200
• Message-id: <87wsnbgyyx.fsf@xoog.err.no>
• Mail-followup-to: debian-apache@lists.debian.org
• In-reply-to: <20040131052806.GA12994@kitenet.net> (Joey Hess's message of "Sat\, 31 Jan 2004 00\:28\:06 -0500")
• References: <20040131052806.GA12994@kitenet.net>

Version: 1.0.15

[...]

I believe all your concerns have been addressed in the 1.0.15 upload,
so closing this bug.  In default installations, you won't see a
question from ssl-cert at all any more.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

--- End Message ---