Please ignore this change announcement, I was looking at the wrong list (d'oh)
:-/
This change has already been announced and is with FESCo for decision
https://pagure.io/fesco/issue/3293
--
___
devel-announce mailing list -- devel-annou...@lists.fedo
Wiki - https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile
Discussion Thread -
https://discussion.fedoraproject.org/t/f42-change-proposal-dropping-of-cert-pem-file-system-wide/140616
This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Chan
On Sun, 2024-11-17 at 17:47 -0600, Chris Adams wrote:
> Once upon a time, Adam Williamson said:
> > On Sun, 2024-11-17 at 14:14 -0600, Chris Adams wrote:
> > > Also, there's not a way to test this (e.g. remove the cert.pem symlink
> > > and see what breaks); the change says the speed-up is to use
Once upon a time, Chris Adams said:
> I thought
> maybe this would be something that can be configured in openssl.cnf, but
> it looks like, when testing with "openssl s_client", it looks for certs
> before reading openssl.cnf (which seems weird to me, but so are lots of
> OpenSSL's ways).
Scratch
Once upon a time, Adam Williamson said:
> On Sun, 2024-11-17 at 14:14 -0600, Chris Adams wrote:
> > Also, there's not a way to test this (e.g. remove the cert.pem symlink
> > and see what breaks); the change says the speed-up is to use the
> > directory-hash format by default... but there's no has
On Sun, 2024-11-17 at 14:14 -0600, Chris Adams wrote:
> Once upon a time, Neal Gompa said:
> > This file has to remain on the system for a completely different
> > reason: other crypto libraries may and do probably use this file. It
> > is unreasonable to delete what essentially is our certificate
Once upon a time, Neal Gompa said:
> This file has to remain on the system for a completely different
> reason: other crypto libraries may and do probably use this file. It
> is unreasonable to delete what essentially is our certificate store
> API without going through and fixing *all* crypto lib
On Sun, Nov 17, 2024 at 2:04 PM Kevin Kofler via devel
wrote:
>
> Björn Persson wrote:
> >> == Release Notes ==
> >> The /etc/pki/tls/cert.pem file has been deprecated
> >
> > Removed, not deprecated, according to the rest of the proposal.
> > Sysadmins who read "deprecated" in the release notes w
Björn Persson wrote:
>> == Release Notes ==
>> The /etc/pki/tls/cert.pem file has been deprecated
>
> Removed, not deprecated, according to the rest of the proposal.
> Sysadmins who read "deprecated" in the release notes will think they
> can upgrade Fedora and look into migrating off /etc/pki/tls
> == Release Notes ==
> The /etc/pki/tls/cert.pem file has been deprecated
Removed, not deprecated, according to the rest of the proposal.
Sysadmins who read "deprecated" in the release notes will think they
can upgrade Fedora and look into migrating off /etc/pki/tls/cert.pem
later. They will feel
10 matches
Mail list logo
