Hi.
On Sun, 2013-07-28 at 17:49 -0500, Michael Shuler wrote: > > Since some time the handling of certs in > > /usr/local/share/ca-certificates/ seems to be broken. > This is rather vague. Could you provide some steps to > reproduce your problem? That came below =) > > Neither are these anymore shown up in debconf on reconfiure > I do not think local certificates were ever available in debconf. Local > certificates placed in /usr/local/share/ca-certificates/ are implicitly > trusted on the system. Don't put them there, if you don't intend them to > be trusted. With that in mind, there is no reason to have them in > debconf - this is for updating trust for those certificates installed > by the package. Well I think that should be changed then,... First,... handling the two places differently is a place for confusion. Secondly,... /usr/local/share/ca-certificates/ is a ideal place where I can store local certificates, but that doesn't necessarily mean that I want them to be everywhere used (and therefore not unconditionally picked up by ca-certificates)... maybe I just want to have it used by a webserver or whatever. > I created a couple test CA certificates, installed test1, updated to > test2, and then removed it successfully. I hope the attached example > helps. Please, let me know some specifics, if I've misunderstood your > report. Yeah... I wasn't aware of the fresh thingy... and could have sworn that the local certs showed up in debconf... well might be wrong ;) So perhaps we can re-dedicate this bug to: Handle local certs as the others and show them in debconf? Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
