On 20/12/14 04:47 AM, Reinis Ivanovs wrote:
The Debian Wiki guide I linked to doesn't work without easy-rsa, and basically every guide I've seen for configuring openvpn with TLS relies on easy-rsa, so a very common use case for openvpn isn't possible without the easy-rsa package, so it should be fair to say that the openvpn package is not fully usable without the easy-rsa package. Moreover, following strict security practices isn't always necessary, so I'm not sure why it needed to be brought up. I'm not setting up openvpn for an organization, just for myself and a quick test, so it's not relevant where the CA is. Finally, it's rather clear that you're replying to keywords and not the meaning of the message, which is more consistent with skimming or scanning, not reading. Declaring that the discussion is over is also a nice touch. All in all, it's been a very pleasant experience to take the time and try and report a problem with using backports.
I'm not sure how familiar you are with Debian backports so I will offer this.. Perhaps you would have more chance to get satisfaction if you took up the issue with the maintainer of the package you want to be able to use rather than with the FTPMaster of the backports repository. It has probably been frustrating for you not being able to do the test you wanted but, until now, no one knew what you were trying so the security advice offered by the FTPMaster did seem appropriate to me.
If you had been upgrading openvpn on a working stable (pure wheezy) system to a newer version of openvpn with the backport then you would have just copied the necessary files to the proper location as instructed by the wiki:
"On Wheezy: # cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* easy-rsa/"Much of this probably falls under the heading of backport users are expected to be more knowledgeable than the "average" user and backports are considered an advanced topic.
Of course, it may take some patience, as you might not get a quick reply to your suggestion. Lots of people might be busy at this time of year and not have time to check the list often or backport a package for you so that you can make a "quick test". The argument that the openvpn backport isn't fully functional without a backport of easy-rsa is probably best made with the maintainer of the package, if they agree with you maybe they will make such a backport.
With the release of the next stable coming up it is possible that there won't be a lot of concern regarding this trivial issue, don't take that personally.
Hope this helps.By the way, this list is a bottom posting list, that is the example Alex is using throughout to make it easier to read in sequence.