On Sun, Sep 25, 2016 at 10:31 AM, Ralph Corderoy
<ralph(_at_)inputplus(_dot_)co(_dot_)uk>
wrote:
It's not quite that bad. Debian stable is Jessie, and it has
ca-certificates 20141019+deb8u1 which you'd think was 2014, but
http://metadata.ftp-master.debian.org/changelogs//main/c/
ca-certificates/ca-certificates_20141019+deb8u1_changelog
shows an update on 2015-12-14 to kick out some of the untrustworthy
authorities under
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806239
I'd hope Debian ARM has that.
Ralph,
I sit corrected. I should not have researched that before drinking my
coffee.
I also see another pending update from 2016-08-16 to deb8u2 that has not
yet been pushed.
What would be good to find is a script that can do an audit of a system's
ca-certificates and list any that have been revoked or have expired and run
this on our build servers. A quick google doesn't turn up one for Linux.
Thanks
Jeff
--
Jeffrey C. Honig <jch(_at_)honig(_dot_)net>
https://jchonig.withknown.com
GnuPG ID:14E29E13 <http://jch.honig.net/Home/pgp_key>
Keybase: jchonig <https://keybase.io/jchonig>
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers