[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#486081: ssl-cert: Debconf abuse: is there *really* a need to stop installation to tell users about certificate replacement?

> Critical level debconf notes should be kept for things that users *must
> absolutely see*.
>
> The text of the note you added in the last release of the package says
> that....the note can be ignored if one does not know what it is about.
>
> It means that the package will handle the certificate rempalcement gently.
> So I really see no reason to interrupt all upgrades (including etch->lenny
> upgrades?) for this.

This was how the security upgrades for the ssl issue were handled and I
see no reason to deviate in ssl-cert. It is likely that the ssl-cert
update will be in a etch point release before lenny release (but
openssl-blacklist needs to be uploaded to stable first). Therefore
etch->lenny upgrades are not an issue.

For people who actually use the certificate, it is important to see the
message. Otherwise they might (or at least should) think that there was a
MITM attack in progress. But not all users of ssl-cert will actually use
the default certificate, hence the last line of the text.

Stefan
Reply to: