[CentOS] was, Re: This doesn't make sense, is the apache update

Fri Sep 23 20:14:32 UTC 2011
Warren Young <warren at etr-usa.com>

On 9/23/2011 1:21 PM, m.roth at 5-cent.us wrote:
> The one thing I don't understand is this: AFAIK, apache release not a
> server update, but an update to the certificate chain, yanking Digitar's
> CA.

What, pray tell, are you talking about?

I assume you mean "DigiNotar", the defunct Dutch CA?

What does the complete collapse of a once-trusted CA have to do with 
Apache?  All this noise about DigiNotar is about bogus server-side 
certs, and how they impact browsers and other client-side SSL users.  I 
have heard nothing about any resulting threat to Apache.  The only one I 
can conceive is something to do with bogus client-side certs, which 
seems pretty unlikely, given how rarely they are used.

Additionally:

- "grep -Ris diginotar /etc/pki" returns nothing.  Ditto for "vasco", 
DigiNotar's parent organization.  This file you are worried about...it 
apparently lives somewhere else, or does not contain these words?

- Googling "diginotar site:mail-archives.apache.org" also returns 
nothing.  So there's a threat to Apache, but no one on any of the Apache 
mailing lists is talking about it?