[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using the SSL snakeoil certificate

(please copy debian-devel, feel free to bounce my mail there after
you've done so, for others to be able to comment as well).

Klaus Ethgen wrote:
> Am Do den 20. Jul 2006 um 11:24 schrieb Martin Schulze:
> > > [one cert for all services]
> > I believe that this is a good idea, however, I would like to propose a
> > slightly different approach.
> > 
> > At the moment, it seems that all applications use their own
> > certificates and maybe also create them upon installation or rather
> > configuration.
> I like this idea mentioned above. Isn't it easy to ask the admin in
> debconf for every service if he want separate certs or all linked
> together?

No!  Please don't introduce more questions that are not required for
packages to work properly.  Debconf is not a general configuration
utility that should subsume all possible configurations.  Instead it
should only ask what is required for the package to work properly in
a default environment.

If an admin wants to use different certs, they should be able to do
so easily, but it's not acceptable to ask everybodo whether to use
shared or singular certificates, or to create a cert, or to install
an already created and certified one, or, or, or...



Open source is important from a technical angle.             -- Linus Torvalds

Please always Cc to me when replying to me on the lists.

Reply to: