On Tuesday 21 August 2007, Robin H. Johnson wrote:
> On Tue, Aug 21, 2007 at 04:12:32PM +0200, Natanael Copa wrote:
> > I use the gentoo framework to build binary packages. I noticed that most
> > packages create the ssl certificate during src_install(). This makes
> > all binary packages contain the ssl certs which is a security threat.
>
> I filed bug #174759 to the security team back in April on this issue,
> and then fixed the openldap package where I had originally found it.
>
> Anybody using binpkgs obtained from a public repository that contain SSL
> certs should ensure that they regenerate the SSL certs on each machine.
>
> For packages, there are two possible fixes:
> 1. Move the docert call into pkg_postinst.

there it is
-mike
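A check for the exposure discussed in this thread, as an added example that is not part of the original messages or of Portage: it scans a binary package for PEM private keys and certificates that were baked in at build time. It assumes the package is readable as a (bzip2-compressed) tar archive; the function names, file paths and sample contents are constructed for illustration.

```python
import io
import re
import tarfile

# PEM headers for private keys (PKCS#1 RSA, EC, DSA, PKCS#8 plain/encrypted).
PEM_KEY = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----")
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----")


def scan_binpkg(data):
    """Map each regular file in the archive to the PEM material found in it."""
    findings = {}
    # "r:*" auto-detects the compression (bzip2 for .tbz2 packages).
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            body = tar.extractfile(member).read()
            hits = []
            if PEM_KEY.search(body):
                hits.append("private-key")
            if PEM_CERT.search(body):
                hits.append("certificate")
            if hits:
                findings[member.name] = hits
    return findings


def build_sample():
    """Constructed package image: placeholder PEM blocks, not real key material."""
    key = b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"
    crt = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
    files = {
        "etc/ssl/example/server.key": key,
        "etc/ssl/example/server.crt": crt,
        "etc/ssl/example/combined.pem": key + crt,
        "usr/share/doc/example/README": b"no secrets here\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for path, hits in sorted(scan_binpkg(build_sample()).items()):
        print(path, ",".join(hits))
```

Any `private-key` hit means every machine installing that package shares the same key, so the certificate and key need regenerating on each host.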