[Bug 1409] Iceweasel does not save exception rule for https://www/lwat
http://bugs.skolelinux.org/show_bug.cgi?id=1409
--- Comment #5 from Oded Naveh <skilinux@gmail.com> 2009-12-25 17:32:49 ---
(In reply to comment #4)
> I suspect the problem is that the file cert_override.txt in /etc/skel/ is a
> symlink, and that this symlink is somehow confusing iceweasel. I suspect we
> really should avoid depending on content in /etc/skel/ to avoid having
> potentially obsolete informasion in the users home directories if the SSL
> certificate of www is changed. What would be the consequence of dropping that
> part of the snakeoil-on-ice?
When a new Iceweasel profile is created, either by starting it for the first
time or explicitly, Iceweasel copies the contents of the _local_
/etc/iceweasel/profile/ into the newly created profile.
Say I start Iceweasel for the first time from a work station where
snakeoil-on-ice was never invoked (Old SLX or non-SLX) then my profile will not
contain the override data.
To cover this scenario /etc/skel/ on main server is used to copy a default
profile to each new user's home.
Note that this doesn't cover the case of intentionally creating a new profile.
I believe that on user's home creation the content and not the symlink is
copied, and that Iceweasel isn't aware of anything in /etc/skel/.
While I agree that use of /etc/skel/ is better left to the local admin, I think
a change of the SSL certificate is bound to make information in users home
directories obsolete, no matter how it got there, less we actively overwrite
it.
--
Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
Reply to: