Hi testers, developer, users, hackers, and friends! We'd like to invite you to our Shared System Certificates Test Day [1] on this Thursday, March 28 [2]. You can test this feature running from Fedora 19 live images and help to make this release better. Join IRC #fedora-test-day on FreeNode and ask QA or developers for help if you have problems with any of the tests. Feel free to report a bug to Bugzilla usually for the component ca-certificates, or p11-kit. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. 1. https://fedoraproject.org/wiki/Features/SharedSystemCertificates 2. https://fedoraproject.org/wiki/Test_Day:2013-03-28_Shared_System_Certificates - Some facts about Shared System Certificates - The intention of the project is to have a single point for CA certificates and trust configuration on a Linux system, which can be consumed by multiple cryptographic toolkits and applications, including, but not limited to, Mozilla Firefox and NSS. As part of the p11-kit open source project, Stef Walter developed a software PKCS#11 module that can act as a compatible replacement for one of the components of NSS, the nssckbi module. While nssckbi contains a static set of CA certificates and trust settings, the new p11-kit-trust module is dynamic. It interacts with a shared system area to dynamically obtain the list root CA certificates and their trust settings. The new shared system area, that Linux distributions can use with p11-kit-trust, will be preconfigured with the identical contents as defined by the Mozilla root CA program and as contained in NSS. It can also get updated whenever Mozilla updates the list. However, it can be used to adjust a system's configuration, either to extend, modify or restrict the default trust settings. Because p11-kit-trust will dynamically merge the system specific configuration with the default trust settings, updates to the Mozilla CA list continue to be possible and will be active, unless overriden by system specific rules. In other words, this technology will effectively enable administrators of Linux systems to adjust the root CA list used by Firefox, without having to modify data stored in NSS databases nor in a user's Firefox profile directory, and without having to use the Certificate Manager provided by Firefox. Nevertheless, users of NSS applications such as Firefox will still be able to override or adjust trust settings, which will continue to be stored as user (or Firefox) specific settings. Thanks and Regards! -- Ales "alich" Marecek Position: Base OS Security QE E-mail: amarecek@xxxxxxxxxx IRC: #brno, #qa, #urt, #errata as "alich" or "amarecek" Phone: +420 532 294 175 Office: Brno, Czech Republic Key fingerprint: B54C 6100 5034 4702 AB77 0396 7560 1434 7860 57C9 _______________________________________________ test-announce mailing list test-announce@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/test-announce -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
