cacerts.rc file not included in amd64 builds
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mercurial (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
The file /etc/mercurial/
This leads to SSL certificates not being checked when cloning repositories over HTTPS - as Mercurial doesn't know where to find a set of trusted certificates. Mercurial presents a warning like this:
"warning: www.mydomainnam
Depending on the network the traffic is going across, this could allow MITM attacks to go un-noticed.
You can compare the files in the two versions of the packages at
http://
and
information type: | Private Security → Public Security |
Yeah, /etc/mercurial/ hgrc.d/ cacerts. rc which would provide an idea what certificates were trusted was lost in Saucy AMD64. Compare http:// packages. ubuntu. com/raring/ amd64/mercurial /filelist to http:// packages. ubuntu. com/saucy/ amd64/mercurial /filelist.