From mboxrd@z Thu Jan  1 00:00:00 1970
From: Giovanni Biscuolo <g@xelera.eu>
Subject: Re: Renewing certificates with certbot
Date: Wed, 06 Mar 2019 15:12:54 +0100
Message-ID: <87h8cgytuh.fsf@roquette.mug.biscuolo.net>
References: <d017a05fe71682cae352ca96feb51a53@lepiller.eu>
	<87fts0i0ga.fsf@gnu.org>
	<2af1bc4240159d48ec7883b8c2fac590@lepiller.eu>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([209.51.188.92]:43225)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <g@xelera.eu>)
	id 1h1XIM-0006Jr-Hc
	for guix-devel@gnu.org; Wed, 06 Mar 2019 09:13:20 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <g@xelera.eu>) id 1h1XIL-0000gp-Jk
	for guix-devel@gnu.org; Wed, 06 Mar 2019 09:13:18 -0500
In-Reply-To: <2af1bc4240159d48ec7883b8c2fac590@lepiller.eu>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Julien Lepiller <julien@lepiller.eu>, Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi Julien,

Julien Lepiller <julien@lepiller.eu> writes:

[...]

> I don't think this is an issue: the file is world-readable, but the=20
> directory
> it's in is not accessible to anyone but root. OpenSMTPD still complains,
> but I think there's no security issue.

not a seriuos (security) issue but an issue (service warning) should be
fixed anyway IMHO, other *future* services could be affacted by this and
complain or not start at all

your fix should be applied in certbot-service-type service definition if
possible (and reported upstream if it depends on the software)

WDYT?

sorry I can't help fixing this

Thanks!
Giovanni

=2D-=20
Giovanni Biscuolo

Xelera IT Infrastructures

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAlx/1WYACgkQ030Op87M
ORLO/g/9GQSDPUR5tOxwuyccJrI0DF2ZXe8yf7yQgcpvygP99okaerdk1yP4PPNL
yJJSWIHCQgkSJ9hF+FVdPDy6vE/ViiS7zwmQuPdoOUtJS8KnyDhdd3xhULPhQwLv
8nVmRrAy4S7TRkVicD2g7KIww2skE1A3bOkoBjm+ta06/ZV0i3walI6RLAcBFK5t
fgQ53h91EKffbMG053ai4Ulg3SScnOzj4Jk+a9/OVvPYc8U2jhJsm2tvGKWs0K6l
HuPp3F3pVok/Dx3N2Kw3GDNH4ncSYqQ6Ty+ktWpbnFxCU6d31CE3J+u7OD0hLN0Y
iPiKFnMbQf7h3jQcs/hjj8/y7UVyHzp3GG8EV4awQp3nHIOTKIa2gS2ds3U6v6fH
7MkNtpH4oPa/fxr7ZVYnJZ/53QQCcd91R2Kdp5IUYaAp9ziKdeE/xMG4Y8UC/fQc
1UwH0uOuUFP5BUUu3ptWJ1KWEsAcYRTMXJ+Jn4BM7LKmOMbYct6vT6NE3rnwrKvc
MAJxdTxQTbTmBYlrZscsFSDNs3cTe+D/wMOOeCSXyFQXt2aMbFz0fU+SRVIndv83
C9H7fcnhsidKdIPJv8tW5LTC8v0CDWH0LC+mS0tN8cnUAZTl8hb2TPh9cpmKNt5B
UkWtdoymC/bMGTEeyZ7Mu4D6aLGawXYynxITUGR6MFcHS1WmYF8=
=ZkPy
-----END PGP SIGNATURE-----
--=-=-=--