jdd wrote:
Le 26/10/2011 03:36, Rajko M. a écrit :
On Tuesday, October 25, 2011 11:31:08 AM jdd wrote:
do you have practical example of problems?
Recently one certification authority (company) was removed from all browsers that are still maintained. Reason for that is that they were tricked to issue few fake certificates. KDE3 list is not updated so users are vulnerable.
but do you know of computer compromised by this? When I mean practical, I mean real problem, not virtual ones. For example what the fake certificates where used for?
Well, you have to ask some affected Iranian. This list likely has the wrong audience. Anyways, in general no package must include it's own list of root CA certificates but rather use the distro provided defaults. If you find some package that includes it's own list please file a bug and let the package maintainer fix it (CC security). Should be an easy task. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org