Issue #7292 has been updated by Daniel Pittman. Category set to Faces Status changed from Unreviewed to Needs Decision Assignee set to Nigel Kersten Target version set to Statler Affected Puppet version set to 2.7.0rc1
Nigel, I have no idea how many ways this might violate the expectations of users, or the security model of SSL, but I *thought* that entrance to a CRL was supposed to be irrevocable and all. Anyway, probably better schedule the heck out of this one ASAP. ---------------------------------------- Bug #7292: certificate_revocation_list face can blow away the local copy of the CRL https://projects.puppetlabs.com/issues/7292 Author: Nick Fagerlund Status: Needs Decision Priority: Normal Assignee: Nigel Kersten Category: Faces Target version: Statler Affected Puppet version: 2.7.0rc1 Keywords: Branch: So if you try invoking delete on the crl face with a `--terminus rest`, it'll fail and complain that delete won't accept options. But it'll quite happily delete your local copy of the CA's CRL! Without even warning you about it. [root@hawkmaster ~]# puppet certificate_revocation_list destroy x notice: Removing file Puppet::SSL::CertificateRevocationList x at '/var/lib/puppet/ssl/crl.pem' 1 -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
