[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using the SSL snakeoil certificate

On (30/06/06 10:51), Jaldhar H. Vyas wrote:
> Following up to myself with a proper subject line.
> In bug #376146, Martin Pitt wrote:
> > In an effort to clean up the SSL certificate mess on Ubuntu servers, we
> > recently converted all our supported Server packages to make use of
> > the ssl-cert package instead of creating a package-specific
> > self-signed SSL certificate. This allows admins to easily replace the
> > certificate with a 'real' one without touching dozens of configuration
> > files, and also provides a consistent setup out of the box.
> Is this is a good idea for Debian?  

I hadn't seen the package before and it looks pretty decent. I think it would 
help get some consistency between all of the packages that have to create 
certs. It could perhaps even be wrapped up in to a debhelper tool if it
is widespread enough.

> I think it is but it doesn't make sense 
> to switch dovecot over unless all the other ssl-cert using packages also do 
> it. Is this possible in the etch timeframe?

I'm not sure, and maybe it's not the time to be trying to do this. Has
anyone got a suggestion for a way to find the list of packages that
generate a certificate in their postinst? That would help the decision.


  James Westby

Reply to: