
Re: Managing SSL certificates



On Sun, Oct 16, 2005 at 03:59:17PM +0200, Wouter Verhelst wrote:
> Such a tool would be very nice, and not just because of the cruft they
> leave behind -- many packages currently support SSL connections; some
> automatically generate a self-signed certificate upon installation,
> others leave that to the admin. Some use debconf to ask information for
> the certificate (or to warn that a certificate has to be generated
> before SSL will be enabled), some don't.
> 
> A unified API to clean up this mess would be very interesting.

i would suggest that in addition to supplying an api, it would be
very helpful to provide all the debconf templates and maintainer
script logic as well.  i do such an approach in dbconfig-common
and it works quite well, such that the only thing maintainers
of other packages who want to use my features need to do is
add two lines to their maintainer scripts and update their dependencies.
this reduces duplicate code, keeps implementation bugs very well confined,
provides a common feel across different packages.  it also makes
translators' lives a lot easier.

also, i think extreme care should be taken wrt these ssl certificates.
i don't think they should be blindly purged at package removal (or
probably even package purge) time, without getting permission from
the local admin.


	sean
