Jeffrey Altman <jalt...@secure-endpoints.com> writes: > Our advice to Debian is to replace the certificate with one that has an > expiration date before 19 Jan 2038 03:14:07 UTC. Otherwise, Debian will > fail to detect failures of the certificate validation code caused by > patches that might be applied to OpenSSL.
I somewhat think this should have been the case for the certificates supplied in Heimdal. Far better IMHO not to break existing and working platforms at this stage, then to worry about 2038. Hopefully by the time it is 2038, version 8 will have been released by then in anycase. However, regardless, are you able to provide instructions on how to replace the certificates with certificates that expire before 2038? There seem to be a large number of them, if I try to do this by hand I think I will end up wasting a lot of my time. Is there a script or something I can use? https://github.com/quanah/heimdal/commit/e3cd069e5c40b455541508b81ffeb0563e882aed -- Brian May <b...@debian.org>
