Custom Query (1145 matches)
Results (241 - 243 of 1145)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#393 | fixed | remove renew and add from debathena-dotfiles | broder | |
Description |
The renew and add shell functions are being provided by debathena-shell-config, but they're also in /usr/athena/lib/init/{bash,csh}rc. Since the Athena dotfiles still source the system dotfiles, there's no reason to have the functions in both places, and in fact they are currently out of sync, so we should punt them from debathena-dotfiles. |
|||
#1389 | fixed | Remove MIT CA from global trust store | geofft | |
Description |
It's been more than a year since mitcert started issuing certs via InCommon/Internet2 (an intermediate via the well-known AddTrust root), instead of via the MIT CA. I believe this means that all MIT CA-signed certs are now expired, although I haven't checked. If this is the case, we no longer need to ship the MIT CA and configure it in the system trust store. Chrome / Chromium now has a certificate authority pinning feature, where several high-risk sites (Google, Twitter, Tor, etc.) are restricted in which CAs are allowed to sign them. As that article points out, any locally-configured CAs are also permitted, since Chrome can't distinguish private CAs like MIT's from semi-legitimate SSL MITM proxies. This effectively means that the MIT CA is permitted to MITM these high-traffic sites, meaning that including the MIT CA is a security risk (it could get stolen or otherwise misused) for zero security benefit (if there are no unexpired MIT CA-signed certs). |
|||
#1334 | fixed | Remove gathlogout | jdreed | |
Description |
It was packaged, but not in any metapackages. You have a week to defend its existence. Go. |