[Mono-bugs] [Bug 79991][Nor] New - Machine cert store location not FHS compliant
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Mon Nov 20 08:08:43 EST 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by pawel.sakowski at mindbreeze.com.
http://bugzilla.ximian.com/show_bug.cgi?id=79991
--- shadow/79991 2006-11-20 08:08:43.000000000 -0500
+++ shadow/79991.tmp.6176 2006-11-20 08:08:43.000000000 -0500
@@ -0,0 +1,41 @@
+Bug#: 79991
+Product: Mono: Class Libraries
+Version: 1.2
+OS: GNU/Linux [Other]
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Normal
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com
+ReportedBy: pawel.sakowski at mindbreeze.com
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: Machine cert store location not FHS compliant
+
+X509StoreManager.LocalMachine uses a store placed under
+Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
+which resolves to "/usr/share".
+
+FHS 2.3 says:
+
+"The /etc hierarchy contains configuration files. A "configuration file" is
+a local file used to control the operation
+of a program"
+
+"The /usr/share hierarchy is for all read-only architecture independent
+data files. [...] Any program or package which contains or requires data
+that doesn’t need to be modified should store that data
+in /usr/share"
+
+The certificates are definitely rather configuration than read-only. The
+/usr root is meant to be mountable R/O, explicitly providing programmatic
+access to import new certificates to the machine store contradicts that
+possibility.
+
+Either the location of the machine cert stores or more generally
+Environment.SpecialFolder.CommonApplicationData, should be switched to a
+location under /etc (mono_get_config_dir()?).
More information about the mono-bugs
mailing list