forcemerge 819107 902620 810216
severity 902620 normal
thanks
Hello Roland,
We definitely want to move to using a more "Debian standard" approach
to the certbot user -- especially for the keys it writes out --, but
it's a complicated problem. For example, many of the certbot plugins
add or alter
Package: certbot
Version: 0.10.2-1
Severity: serious
Tags: security
Justification: 5.b
Dear Maintainer,
certbot.service is configured to be executed with root privileges.
This leads to a potential attack vector while renewing certificates,
especially when using the 'standalone' authenticator.
Fo
2 matches
Mail list logo
