[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#389444: marked as done (ca-certificates: clarify consequences of accepting/rejecting certs)

Your message dated Sun, 23 Oct 2011 22:20:05 -0500
with message-id <4EA4D965.8000805@pbandjelly.org>
and subject line Closing 389444
has caused the Debian Bug report #389444,
regarding ca-certificates: clarify consequences of accepting/rejecting certs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
389444: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389444
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: ca-certificates
Version: 20060816
Severity: minor


While dist-upgrading I was asked:

  ?????????????????????? ca-certificates configuration ???????????????????????
  ? During the upgrade, these new certificates will be added. Do you trust   ?
  ? them and want them installed into /etc/ssl/certs?                        ?
  ?                                                                          ?
  ? Select new certificates to activate:                                     ?
  ?                                                                          ?
  ?    [ ] spi-inc.org/SPI_CA_2006-cacert.crt                                ?
  ?                                                                          ?
  ?                                                                          ?
  ?                                  <Ok>                                    ?
  ?                                                                          ?
  ????????????????????????????????????????????????????????????????????????????

I did not know what this certificate was to be used for what
risk might come if I selected the cert or what 
functionality might break, if I rejected it. Things didn't 
satisfactorily clear up after reading 
/usr/share/doc/ca-certificates/README.Debian. There is also 
db.debian.org certificate so I was unsure if spi-inc might
sign maliciously modified debian packages which I might
install. I'm not sure which certificates are used for 
https, imaps or ssh.

Currently I believe spi-inc.org/SPI_CA_2006-cacert.crt is 
a certificate authority public key used to verify 
signatures on public keys used for https encryption.

Thanks, Bernhard


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (700, 'testing'), (650, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.6
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.4      Debian configuration management sy
ii  openssl                       0.9.8b-3   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

-- debconf information:
  ca-certificates/enable_crts: brasil.gov.br/brasil.gov.br.crt, cacert.org/cacert.org.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/Entrust.net_Global_Secu
 re_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/IPS_CLASE1_root.crt, mozilla/IPS_CLASE3_root.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/IPS_Servidores_root.crt, mozilla/IPS_Timestamping_root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozi
 lla/Staat_der_Nederlanden_Root_CA.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/UTN_USERFirst_Object_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_1_Public_Primary_OCSP_Responder.crt, mozilla
 /Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Secure_Server_OCSP_Responder.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTe
 d_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, spi-inc.org/spi-ca.crt, spi-inc.org/SPI_CA_2006-cacert.crt
* ca-certificates/new_crts: spi-inc.org/SPI_CA_2006-cacert.crt
* ca-certificates/trust_new_crts: ask

--- End Message ---
--- Begin Message --- 
/usr/share/doc/ca-certificates/README.Debian and debconf templates have
had numerous updates since 2006 and are quite clear.  Closing.

-- 
Kind regards,
Michael

--- End Message ---
Reply to: