[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Managing SSL certificates

On Sun, Oct 16, 2005 at 03:59:17PM +0200, Wouter Verhelst wrote:
> Such a tool would be very nice, and not just because of the cruft they
> leave behind -- many packages currently support SSL connections; some
> automatically generate a self-signed certificate upon installation,
> others leave that to the admin. Some use debconf to ask information for
> the certificate (or to warn that a certificate has to be generated
> before SSL will be enabled), some don't.
> A unified API to clean up this mess would be very interesting.

i would suggest that in addition to supplying an api, it would be
very helpful to provide all the debconf templates and maintainer
script logic as well.  i do such an approach in dbconfig-common
and it works quite well, such that the only thing maintainers
of other packages who want to use my features need to do is
add two lines to their maintainer scripts and update their dependencies.
this reduces duplicate code, keeps implementation bugs very well confined,
provides a common feel across different packages.  it also makes
translators' lives a lot easier.

also, i think extreme care should be take wrt these ssl certificates.
i don't think they should be blindly purged at package removal (or
probably even package purge) time, without getting permission from
the local admin.



Attachment: signature.asc
Description: Digital signature

Reply to: