[arch-general] Trusting certificates when installing mono

It can be a frequent problem among .NET devs that mono trusts no certificates by default. The usual procedure is to have users manually run `mozroots --import --sync` to trust the same certs Mozilla trusts, but that makes it so that there will always be a manual step after installing your softw

[arch-general] Why are CA certifcates writable for every user?

Hello! When I'm doing "cd /etc/ssl/certs/ && ls -al" I see something like this: [...] lrwxrwxrwx 1 root root102 21. Dez 17:56 Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -> ../../ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_

Re: [arch-general] Why are CA certifcates writable for every user?

Symlinks often (always?) show as 777 permissions. If you look at the actual file that it links to, you'll see the permissions are fine: [darose@daroseneo ~]$ ls -l /etc/ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -r--r--r-- 1 root root 160

Re: [arch-general] Why are CA certifcates writable for every user?

On 05/02/15 02:12 PM, Marcel Kleinfeller wrote: > Hello! > > When I'm doing "cd /etc/ssl/certs/ && ls -al" I see something like this: > > [...] > lrwxrwxrwx 1 root root102 21. Dez 17:56 > Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -> > ../../ca-certificates/extracted/cad

Re: [arch-general] Why are CA certifcates writable for every user?

On Thu, 05 Feb 2015 20:12:31 +0100 Marcel Kleinfeller wrote: > [...] > lrwxrwxrwx 1 root root102 21. Dez 17:56 > Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -> > ../../ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem > [...

Re: [arch-general] Why are CA certifcates writable for every user?

Hi On Thu, Feb 5, 2015 at 11:15 AM, David Rosenstrauch wrote: > Symlinks often (always?) show as 777 permissions. Linux manpage for symlinks states http://man7.org/linux/man-pages/man7/symlink.7.html On Linux, the permissions of a symbolic link are not used in any operations; the permissions

Re: [arch-general] Why are CA certifcates writable for every user?

On 05/02/15 19:20, Patrick Burroughs (Celti) wrote: > their actual permissions are those of the target. From what I understand (and tests I've done, and discussions on arch channels on IRC) their actual permissions are inherited from the directory they are in AND from the permissions of a target.