From mboxrd@z Thu Jan 1 00:00:00 1970 From: Giovanni Biscuolo Subject: Re: Renewing certificates with certbot Date: Wed, 06 Mar 2019 15:12:54 +0100 Message-ID: <87h8cgytuh.fsf@roquette.mug.biscuolo.net> References: <87fts0i0ga.fsf@gnu.org> <2af1bc4240159d48ec7883b8c2fac590@lepiller.eu> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:43225) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h1XIM-0006Jr-Hc for guix-devel@gnu.org; Wed, 06 Mar 2019 09:13:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h1XIL-0000gp-Jk for guix-devel@gnu.org; Wed, 06 Mar 2019 09:13:18 -0500 In-Reply-To: <2af1bc4240159d48ec7883b8c2fac590@lepiller.eu> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Julien Lepiller , Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Julien, Julien Lepiller writes: [...] > I don't think this is an issue: the file is world-readable, but the=20 > directory > it's in is not accessible to anyone but root. OpenSMTPD still complains, > but I think there's no security issue. not a seriuos (security) issue but an issue (service warning) should be fixed anyway IMHO, other *future* services could be affacted by this and complain or not start at all your fix should be applied in certbot-service-type service definition if possible (and reported upstream if it depends on the software) WDYT? sorry I can't help fixing this Thanks! Giovanni =2D-=20 Giovanni Biscuolo Xelera IT Infrastructures --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAlx/1WYACgkQ030Op87M ORLO/g/9GQSDPUR5tOxwuyccJrI0DF2ZXe8yf7yQgcpvygP99okaerdk1yP4PPNL yJJSWIHCQgkSJ9hF+FVdPDy6vE/ViiS7zwmQuPdoOUtJS8KnyDhdd3xhULPhQwLv 8nVmRrAy4S7TRkVicD2g7KIww2skE1A3bOkoBjm+ta06/ZV0i3walI6RLAcBFK5t fgQ53h91EKffbMG053ai4Ulg3SScnOzj4Jk+a9/OVvPYc8U2jhJsm2tvGKWs0K6l HuPp3F3pVok/Dx3N2Kw3GDNH4ncSYqQ6Ty+ktWpbnFxCU6d31CE3J+u7OD0hLN0Y iPiKFnMbQf7h3jQcs/hjj8/y7UVyHzp3GG8EV4awQp3nHIOTKIa2gS2ds3U6v6fH 7MkNtpH4oPa/fxr7ZVYnJZ/53QQCcd91R2Kdp5IUYaAp9ziKdeE/xMG4Y8UC/fQc 1UwH0uOuUFP5BUUu3ptWJ1KWEsAcYRTMXJ+Jn4BM7LKmOMbYct6vT6NE3rnwrKvc MAJxdTxQTbTmBYlrZscsFSDNs3cTe+D/wMOOeCSXyFQXt2aMbFz0fU+SRVIndv83 C9H7fcnhsidKdIPJv8tW5LTC8v0CDWH0LC+mS0tN8cnUAZTl8hb2TPh9cpmKNt5B UkWtdoymC/bMGTEeyZ7Mu4D6aLGawXYynxITUGR6MFcHS1WmYF8= =ZkPy -----END PGP SIGNATURE----- --=-=-=--