[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ca-certificates symlinks out of /etc

On Tue, Oct 31, 2006 at 07:10:45PM +0100, martin f krafft wrote:

>   cat /etc/ssl/certs/cacert-class3.pem >> /etc/ssl/certs/cacert.pem
> on systems that needed access to all of CACert's certificates.

Btw., mounting /usr read-only is a good way to prevent stupid bugs like
this. You can configure apt to re-mount it r/w when during package
install/removal so upgrade/install still works, and that catches 99% of
the cases you want to write under /usr. For the other 1% forcing you to
think and remount it manually is actually a good thing.


     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences

Reply to: