[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: ssl-cert2 design

On (28/07/06 12:12), Manoj Srivastava wrote:
> On Fri, 28 Jul 2006 10:53:22 +0100, James Westby <jw+debian@jameswestby.net> said: 
> > On (28/07/06 10:03), Lars Wirzenius wrote:
> >> pe, 2006-07-28 kello 00:03 +0100, James Westby kirjoitti:
> > But, yes, like all of debhelper it's just a convenience wrapper. If
> > your package is very simple then in the postinst add
>         Well, my packages are not simple, but I still prefer to hand
>  craft them.

Sorry, I mispoke slightly, I meant simple in terms of there certificate
requirements. That is happy just with a certificate in /etc/ssl/certs
and a key in /etc/ssl/private. Then it is very simple to do this. And
hopefully it is not too much more difficult for the packages that
require more than this (e.g. ftpd-ssl that required the cert and key to
be the same file, which should be easily possible with or without

>         This is perfectly fine, as long as there is a man page for
>  make-ssl-cert.


Requires a little tweaking, but then again so does the entire package.

I guess I must apologise for empasising the debhelper script in this,
all it dees is write the post{inst,rm} snippets for the maintainer. And
it is obviously possible for the maintainer to do this themselves. 

Maybe I shouldn't have included the advantages to the package maintainer
comment in my summary. This is not the aim of the package, the aim is to
give the sysadmin more control and flexibilty about how to handle this
stuff, the benefits to the packager are just a result of using a central

Obviously the maintainers are free to ignore this package completely,
but I hope it will be used as they will be able to see the benifits it
gives to the users. 

I guess I should be happy that no-one has pointed out any flaws in my
design, or said that they do not wish to use the system. Then again this
might just mean that most people have ignored this thread.



  James Westby

Reply to: