Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1

To: Stefan Fritsch <sf@sfritsch.de>, 795892@bugs.debian.org
Subject: Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 21 Aug 2015 15:46:44 +0100
Message-id: <[🔎] 1440168404.13537.13.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 795892@bugs.debian.org
In-reply-to: <[🔎] E1ZROst-0004oV-74@eru.sfritsch.de>
References: <[🔎] E1ZROst-0004oV-74@eru.sfritsch.de>

Control: tags -1 + confirmed

On Sun, 2015-08-16 at 13:43 +0200, Stefan Fritsch wrote:
> Please review ssl-cert_1.0.32+deb7u1 for inclusion in oldstable. The
> main change is switching from sha1 to sha256 for new certificates
> because browsers start marking sha1 as insecure.

I'm assuming that tools in wheezy either cope with SHA256 or have
corresponding bugs about fixing that.

> ssl-cert (1.0.32+deb7u1) wheezy; urgency=medium
> 
>   * Switch to SHA2 for newly generated certificates. Closes: #733255, #773815

#773815 should get a fixed version, rather than being tagged squeeze
+wheezy with version tracking that claims it affects unstable.

>   * Set umask to make sure that the generated key is not world-readable
>     for a short timespan while make-ssl-cert runs. Closes: #780828

Looks reasonable; please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
  - From: Stefan Fritsch <sf@sfritsch.de>

References:
- Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Bug#779670: wheezy-pu: package maven2-core/2.2.1-8+deb7u1
Next by Date: Processed: reassign 795465 to ftp.debian.org
Previous by thread: Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
Next by thread: Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
Index(es):
- Date
- Thread