[Bug 1824411] [NEW] ca-certificates pops a bad debconf prompt on upgrade to disco

Thu, 11 Apr 2019 12:31:14 -0700 

Public bug reported:

On upgrade from cosmic to disco, I get a debconf prompt from ca-
certificates:

     New certificates to activate:

  mozilla/GlobalSign_Root_CA_-_R6.crt
  mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt

Neither of these two new certificates are selected by default.

Looking at the config script, I see that this question is being asked at
critical priority.

It also appears that this is only being asked because ca-
certificates/trust_new_crts is set to 'ask'.  This is not a default
setting and I have no memory of setting this, but the debconf database
says this question has been seen.  It's possible I did choose this
option at some point despite not having memory of it; though I worry
that since this is a continuously-upgraded system, something picked this
for me at some point in the past due to a bug.

But having decided for 'ask', the UX here is still pretty bad.

 - If the package's recommendation (and default behavior) is to enable these 
new certs on upgrade, then the debconf prompt should also have them 
preselected.  Otherwise, this prompt looks like something the package 
maintainer is NOT recommending that you do, so then why prompt for it at all.
 - Presenting only the certificate filenames is not a great basis for anyone 
making a decision about whether or not to enable these certs.  If I actually 
wanted to manage which certs are enabled, in order to make an informed decision 
I would expect to see things like the CN of the cert and possibly some EKU 
information, not a filename.

** Affects: ca-certificates (Ubuntu)
     Importance: Medium
         Status: New

** Changed in: ca-certificates (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1824411

Title:
  ca-certificates pops a bad debconf prompt on upgrade to disco

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1824411/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to