[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#931413: marked as done (fetch-ldap-cert should not renew Debian Edu PKI on clients on every reboot to improve security)

Hi Wolfgang,

On  Sa 10 Aug 2019 12:31:15 CEST, Wolfgang Schweer wrote:

On Sat, Aug 10, 2019 at 10:12:17AM +0000, Debian Bug Tracking System wrote:
Your message dated Sat, 10 Aug 2019 10:08:08 +0000
with message-id <E1hwOIC-000DXU-UO@fasolo.debian.org>
and subject line Bug#931413: fixed in debian-edu-config 2.10.66
has caused the Debian Bug report #931413,
regarding fetch-ldap-cert should not renew Debian Edu PKI on clients on every reboot to improve security
to be marked as done.

There was a still unterminated discussion, see


Mike wanted to test my proposed fix in one of his real world deployments.

But maybe I missed his feedback.


I pushed several commits for fetch-ldap-cert. The script is already unreviewable by an outside anyway (e.g. the release team), but we need to get this (or a later version with more fixes) into the buster 10.1 update.

The commits and the code comments should explain all the reasoning I had when changing the scripts to its new status.

Thanks for having been so patient.


c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpgDVH0BBwOk.pgp
Description: Digitale PGP-Signatur

Reply to: