Re: RFC: ssl-cert2 design

To: debian-devel@lists.debian.org
Subject: Re: RFC: ssl-cert2 design
From: James Westby <jw+debian@jameswestby.net>
Date: Fri, 28 Jul 2006 20:28:01 +0100
Message-id: <[🔎] 20060728192801.GA32077@jameswestby.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87d5bpslgf.fsf@glaurung.internal.golden-gryphon.com>
References: <Pine.LNX.4.64.0606301049500.29534@jaldhar-laptop> <[🔎] 20060727230319.GA28989@jameswestby.net> <[🔎] 1154070193.4313.25.camel@dorfl.liw.iki.fi> <[🔎] 20060728095322.GB28989@jameswestby.net> <[🔎] 87d5bpslgf.fsf@glaurung.internal.golden-gryphon.com>

On (28/07/06 12:12), Manoj Srivastava wrote:
> On Fri, 28 Jul 2006 10:53:22 +0100, James Westby <jw+debian@jameswestby.net> said: 
> 
> > On (28/07/06 10:03), Lars Wirzenius wrote:
> >> pe, 2006-07-28 kello 00:03 +0100, James Westby kirjoitti:
> > But, yes, like all of debhelper it's just a convenience wrapper. If
> > your package is very simple then in the postinst add
> 
>         Well, my packages are not simple, but I still prefer to hand
>  craft them.

Sorry, I mispoke slightly, I meant simple in terms of there certificate
requirements. That is happy just with a certificate in /etc/ssl/certs
and a key in /etc/ssl/private. Then it is very simple to do this. And
hopefully it is not too much more difficult for the packages that
require more than this (e.g. ftpd-ssl that required the cert and key to
be the same file, which should be easily possible with or without
debhelper).

>         This is perfectly fine, as long as there is a man page for
>  make-ssl-cert.

http://jameswestby.net/bzr/ssl-cert2/make-ssl-cert2.8

Requires a little tweaking, but then again so does the entire package.

I guess I must apologise for empasising the debhelper script in this,
all it dees is write the post{inst,rm} snippets for the maintainer. And
it is obviously possible for the maintainer to do this themselves. 

Maybe I shouldn't have included the advantages to the package maintainer
comment in my summary. This is not the aim of the package, the aim is to
give the sysadmin more control and flexibilty about how to handle this
stuff, the benefits to the packager are just a result of using a central
system.

Obviously the maintainers are free to ignore this package completely,
but I hope it will be used as they will be able to see the benifits it
gives to the users. 

I guess I should be happy that no-one has pointed out any flaws in my
design, or said that they do not wish to use the system. Then again this
might just mean that most people have ignored this thread.

Thanks,

James

-- 
  James Westby
  jw+debian@jameswestby.net
  http://jameswestby.net/

Reply to:

References:
- RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]
  - From: James Westby <jw+debian@jameswestby.net>
- Re: RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]
  - From: Lars Wirzenius <liw@liw.iki.fi>
- Re: RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]
  - From: James Westby <jw+debian@jameswestby.net>
- Re: RFC: ssl-cert2 design
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: package ownership in Debian (was: Why does Ubuntu have all the ideas?)
Next by Date: Re: Why does Ubuntu have all the ideas?
Previous by thread: Re: RFC: ssl-cert2 design
Next by thread: How to fix a disk problem/damaged file?
Index(es):
- Date
- Thread