Custom Query (1145 matches)

Reported by broder, 15 years ago.

The renew and add shell functions are being provided by debathena-shell-config, but they're also in /usr/athena/lib/init/{bash,csh}rc.

Since the Athena dotfiles still source the system dotfiles, there's no reason to have the functions in both places, and in fact they are currently out of sync, so we should punt them from debathena-dotfiles.

Reported by geofft, 11 years ago.

It's been more than a year since mitcert started issuing certs via InCommon/Internet2 (an intermediate via the well-known AddTrust root), instead of via the MIT CA. I believe this means that all MIT CA-signed certs are now expired, although I haven't checked. If this is the case, we no longer need to ship the MIT CA and configure it in the system trust store.

Chrome / Chromium now has a  certificate authority pinning feature, where several high-risk sites (Google, Twitter, Tor,  etc.) are restricted in which CAs are allowed to sign them. As that article points out, any locally-configured CAs are also permitted, since Chrome can't distinguish private CAs like MIT's from semi-legitimate SSL MITM proxies. This effectively means that the MIT CA is permitted to MITM these high-traffic sites, meaning that including the MIT CA is a security risk (it could get stolen or otherwise misused) for zero security benefit (if there are no unexpired MIT CA-signed certs).

Reported by jdreed, 11 years ago.

It was packaged, but not in any metapackages. You have a week to defend its existence. Go.