Hello, I'm the maintainer of the ca-certificates package.
Could you please help to confirm that the following system configuration change
doesn't cause any regressions for your use of the Internet?
ca-legacy disable
# (needs to be executed with root permission)
If you see any i
d Fedora 23 to Fedora 24
if ca-legacy is deprecated? Does do those certs get removed upon
upgrade? Seems like they should.
--
Chris Murphy
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
in upstream Firefox. I don't
see any reason Fedora software should be compatible with more sites than
Firefox. I believe the value of the ca-legacy certificates outweighed the
significant security risk when they improved the compatibility of Fedora
software with Firefox. I was quite disappo
are of any software that still
> needs them.
>
> Since keeping these certificates around is a serious security
> issue, I propose we remove them if nothing "important" still needs
> them.
>
> You can test if any of your software needs these certificates by
> ru
thing "important" still needs them.
You can test if any of your software needs these certificates by
running 'sudo ca-legacy disable'.
Michael
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
On Fri, 2014-11-21 at 17:17 +0100, Kai Engert wrote:
> https://admin.fedoraproject.org/updates/ca-certificates-2014.2.1-1.5.fc19
> https://admin.fedoraproject.org/updates/ca-certificates-2014.2.1-1.5.fc20
I'd appreciate more testing feedback.
I'd like to push these packages into the stable update
On Fri, 2014-11-21 at 10:45 -0500, Stephen Gallagher wrote:
> Kai, this is very important information buried at the bottom of a long
> email thread; would you mind re-sending this summary in a new thread
> (also to devel-announce) so that people are sure to see it?
done
--
devel mailing list
de
ca-certificates-2014.2.1-1.5.fc21.noarch
Using the new ca-legacy utility, it is possible to disable trust for the
legacy CA certificates as a systemwide configuration, by executing this
command as root:
ca-legacy disable
The configuration will be remembered in /etc/pki/ca-trust/ca-legacy.conf
and wi
he above has been
> (accidentally) pushed as a stable update for Fedora 21 already:
> ca-certificates-2014.2.1-1.5.fc21.noarch
>
> It seems it will be included in the final release of Fedora 21. Given
> that we keep legacy trust enabled, and given that I haven't seen any
> pro
FYI, I'm documenting the changes that we make on top of the Mozilla CA
list at:
https://fedoraproject.org/wiki/CA-Certificates
Kai
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-
n the final release of Fedora 21. Given
that we keep legacy trust enabled, and given that I haven't seen any
problem reports, it's probably OK.
Using the new ca-legacy utility, users/administrators who are willing to
accept the compatibility issues and who prefer to closely follow th
11 matches
Mail list logo
