drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Aktualisierung der Zertifikate in ca-certificates
| Name: |
Aktualisierung der Zertifikate in ca-certificates |
|
| ID: |
FEDORA-2015-7892 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 21 |
|
| Datum: |
Do, 14. Mai 2015, 21:27 |
|
| Referenzen: |
Keine Angabe |
|
| Applikationen: |
ca-certificates |
|
Originalnachricht |
Name : ca-certificates
Product : Fedora 21
Version : 2015.2.4
Release : 1.0.fc21
URL : https://fedoraproject.org/wiki/CA-Certificates
Summary : The Mozilla CA root certificate bundle
Description :
This package contains the set of CA certificates chosen by the
Mozilla Foundation for use with the Internet PKI.
-------------------------------------------------------------------------------
-
Update Information:
This is an update to the set of CA certificates released with NSS version
3.18.1
However, the package modifies the CA list to keep several legacy CAs still
trusted for compatibility reasons. Please refer to the project URL for details.
If you prefer to use the unchanged list provided by Mozilla, and if you accept
any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command.
This update adds a manual page for the ca-legacy command.
This update changes the names of the possible values in the ca-legacy
configuration file. It still uses the term legacy=disable to override the compatibility option and follow the upstream Mozilla.org decision. However it now uses the term legacy=default for the default configuration, to make it more obvious that the legacy certificates won't be kept enabled forever.
-------------------------------------------------------------------------------
-
ChangeLog:
* Tue May 5 2015 Kai Engert <kaie@redhat.com> - 2015.2.4-1.0
- Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications.
- Fixed a typo in the ca-legacy manual page.
* Tue Mar 31 2015 Kai Engert <kaie@redhat.com> - 2015.2.3-1.1
- Don't use "enable" as a value for the legacy configuration,
instead
of the value "default", to make it clear that this preference
isn't
a promise to keep certificates enabled, but rather that we only
keep them enabled as long as it's considered necessary.
- Changed the configuration file, the ca-legacy utility and filenames
to use the term "default" (instead of the term "enable").
- Added a manual page for the ca-legacy utility.
- Fixed the ca-legacy utility to handle absence of the configuration
setting and treat absence as the default setting.
* Tue Mar 24 2015 Kai Engert <kaie@redhat.com> - 2015.2.3-1.0
- Update to CKBI 2.3 from NSS 3.18 with legacy modifications
- Fixed a mistake in the legacy handling of the upstream 2.2 release:
Removed two AOL certificates from the legacy group, because
upstream didn't remove them as part of phasing out 1024-bit
certificates, which means it isn't necessary to keep them.
- Fixed a mistake in the legacy handling of the upstream 2.1 release:
Moved two NetLock certificates into the legacy group.
* Tue Dec 16 2014 Kai Engert <kaie@redhat.com> - 2014.2.2-1.0
- Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
- Update project URL
- Cleanup
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update ca-certificates' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
