Control: reopen -1 Control: tag -1 +pending Le mercredi, 1 septembre 2021, 22.40:57 h CEST Roger Lynn a écrit : > On 27/08/2021 14:33, Didier 'OdyX' Raboud wrote:> Control: tags -1 +wontfix > > > Using Let's Encrypt is fine, allowed, and (apparently) working with CUPS, > > but as that's clearly not a default way of working for CUPS, I'd be > > _very_ reluctant to allow CUPS to access "all the Let's Encrypt > > certificates" on all systems it gets installed to. Furthermore, > > /etc/apparmor.d/usr.sbin.cupsd is a configuration file, freely > > modifiable by the local system administrator. In other words, imposing > > that a local system administrator needs to update that file to enable a > > specific type of certificates is reasonable. > > CUPS appears to already have access to everything in /etc/ssl/ on all > systems, which is where I used to keep my CAcert certificates. This doesn't > feel any different.
You're absolutely right; that's convincing to me! Reopening, and will fix in the next upload. -- OdyX
signature.asc
Description: This is a digitally signed message part.