Re: ca-certificates symlinks out of /etc
On Tue, Oct 31, 2006 at 07:10:45PM +0100, martin f krafft wrote:
> cat /etc/ssl/certs/cacert-class3.pem >> /etc/ssl/certs/cacert.pem
>
> on systems that needed access to all of CACert's certificates.
Btw., mounting /usr read-only is a good way to prevent stupid bugs like
this. You can configure apt to re-mount it r/w when during package
install/removal so upgrade/install still works, and that catches 99% of
the cases you want to write under /usr. For the other 1% forcing you to
think and remount it manually is actually a good thing.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
Reply to: