As it's clearly good housekeeping to remove such certificates, we'll see
if we can mark such rpms as 'obsolete' in future lcg-CA-*.rpm releases.
This would mean they are automatically removed when you install the
meta-rpm.
Oliver.
Oliver Keeble Information Technology Department
[log in to unmask] CERN
+41 22 76 72360 CH-1211 Geneva 23
David Groep wrote:
> Hi Fokke, *,
>
> Fokke Dijkstra wrote:
>
>> There is no upgrade for ca_DOESG-Root-0.28-1. Should it be removed?
>
>
> The old DOESG-Root was withdrawn from the list of accredited CAs in the
> 0.27 release, but for compatibility the RPM was still distributed upto
> release
> 0.28 in the standard distribution. In release 0.29, this RPM was
> relocated to the depricated-CA area (the "unknown" RPMs).
> There are no longer any valid certificates signed by this CA, so
> removing the trust anchor will not cause any problems. The CA has been
> retired, but
> or course the security procedures and CP/CPS governing the CA remain in
> effect, so there is no security risks in leaving the trust anchor around.
>
> In the good spirit of "minimal installation", it may be good to remove
> the RPM from the trust anchor repository, though.
>
> Changes from 0.26 to 0.27
> -------------------------
> (22 February 2005)
>
> [...]
> * Removed DOESG-Root from the accredited CA list, as per request of of
> the CA on January 28, 2005. There are no certs left issued by this CA.
>
>
>
> Cheers,
> DavidG.
>
>>
>> Kind regards,
>>
>> Fokke Dijkstra
>>
>> LHC Computer Grid - Rollout wrote:
>>
>>> --------------------------------------------------------------
>>> ----------------------
>>> Publication from : Oliver Keeble <[log in to unmask]>
>>> (CERN) This mail has been sent using the broadcasting tool
>>> available at http://cic.in2p3.fr
>>> --------------------------------------------------------------
>>> ----------------------
>>>
>>> EUGridPMA have announced a new set of CA rpms (v0.29).
>>>
>>> https://www.eugridpma.org/distribution/current/CHANGES
>>>
>>> Please upgrade as soon as you can. See the following page for more
>>> details
>>> http://grid-deployment.web.cern.ch/grid-deployment/lcg2CAlist.html
>>
>>
>>
>>
>>
>> --------
>> Fokke Dijkstra
>> High Performance Computing
>> SARA - Reken- en Netwerkdiensten http://www.sara.nl
>> Tel. +31 20 592 8004 Fax. +31 20 668 3167
>
>
>
|