On 9/17/2011 6:21 PM, Craig White wrote: > On Sat, 2011-09-17 at 16:05 -0400, David wrote: >> On 9/17/2011 3:59 PM, Fernando Cassia wrote: >>> On Sat, Sep 17, 2011 at 16:46, David <dgboles@xxxxxxxxx> wrote: >>>> Sure there is. They come with the Firefox and Thunderbird updates. They >>>> are named security updates. >>>> >>>> -- >>>> >>>> David >>> >>> I mean if you accidentally delete good certificates ie AOL, Comodo, >>> RSA, there is no way to easily reset certificates to the default state >>> other than deinstalling and reinstalling the whole browser. >>> >>> Of course you can wait for future security updates that includes >>> updates to the certs, but what if none comes in the next update?. >> >> >> Refresh the rpm is the easiest way that I can think of to do that >> without uninstalling and them reinstalling. >> >> And, as I recall, if you go to a site for which you do not not have a >> certificate you are offered to accept it and add it. Not a disaster but >> a slight inconvenience for the careless user. > ---- > I don't think refreshing the rpm or even un/re installing will 'reset' > certificates but I haven't tested myself. > > And what we are talking about is root certificates which actually > comprise the highest level of a certificate chain. If you delete (or > mark as not trusted) a root certificate and you go to a web site that is > signed by the root certificate that you have indicated should not be > trusted, it will come up as untrusted and you are given some rather dire > warnings - the same as if you were presented a certificate that is > 'self-signed'. I would recommend that even if you 'accept' (get > certificate, trust, possibly permanently store) that you don't do any > actual commerce with that site. Actually do not choose to store it > permanently because the next time you go to the site, you will likely > have forgotten that there is no chain of trust. I *really* have no idea what, just what, Fedora did here with this. But I do know that the Generic Linux, and the Mac, and the Windows updates fixed this. Are you saying that Fedora f*cked this up? Then I would think that your problem would be with Fedora. And the gnomes that live under your bed. -- David -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines