@brokenman Not a bug report but save me doing a pm
I am now reading the config file for the Debian update-certs executable and I like it for 2 reasons
1) Its Debian and offers users more features than our current Fedora based scripts and my <was/ planned/maybe> LFS based scripts.
2) It allows members to individually choose to trust or remove trust of certain Common Name cert authorities.
If I am successful lets pretend the future has information similar to this news item
http://www.itnews.com.au/news/comodo-is ... mes-411662
In case members think I am click baiting here is quote
The eight Comodo certificates included generic host names such as "help", "sums-prod", "hie_stage_user", "mailarchive", and "aits-macl" as well as two .local non-registered internal domains
they don't say which root cert authority is affected ....so much for transparency. There is supposed to be a updated report but I have yet to find it
So a member would use root powers to edit the file
/etc/ca-certificates.conf and if they choose put an ! prefix against Comodo so the lines including the one above and below read
then run as root a script called
which will update certs and generate a new bundle ca-certificates.crt
PS I am not suggesting members should do this.....as there is still no info on exactly what CA crt is affected. Its just an example for sometime in the future
PS2 Its unlikely new members are reading this, but in case they do, be aware that if you use a big web browser ---IT has its own cert database and tend to have configs they disable sslv3 by default so most members are safe to browse on those big browsers. Tested on FF and its true. Likely to be true for PM , Opera, Google-Chrome.
PS3 so if you can afford the download try to use a web browser that updates frequently
thanks for reading
bottom line.....my build script won't be ready in 24 hours.....I got too excited.