ca-certificates 2014.2.1 will remove several still valid CA certificates with weak keys

Kai Engert kaie at kuix.de
Tue Aug 19 14:31:27 UTC 2014


On Tue, 2014-08-19 at 10:07 -0400, Miloslav Trmač wrote:
> That’s the right thing to do of course, but leaves the users with an
> unusable system in the meantime.  Could the update description at
> least generally point to how to work around this if the certificate
> owner is not (sufficiently quickly) responsive?

I'd expect that users would be blocked from using just one application,
or from connecting to just a few servers - but should be able to connect
to the majority of the Internet just fine.

Can you think of scenarios where a system is mostly unusable?

A general workaround is to downgrade to the previous package version. Do
you think we need to state that explicitly in the update description?

Kai



