Unless I am mistaken, I just noticed that openca-common includes:>
/var/lib/openca/crypto/index.txt /var/lib/openca/crypto/serial
This means that upgrading the openca-common package will overwrite these files without any warning or question.
Is this really desirable?
This happens only with packages. The makefiles will detect existing index.txt and serial. A crash of these files is no problem because OpenCA can recover these files (see recovery section of node interface).
Also I am going to remove world readable permissions on this directory (and instead only allow access by the www-data user):
/var/lib/openca/crypto/keys
I will fix filepermissions to 640 and directory permissions of var to 750.
Are there any other directories that should not be world readable?
I don't know. If you find some then please report it and we fix our makefiles.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
