[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ca-certificates symlinks out of /etc



On Thu, Nov 02, 2006 at 02:24:33PM +0100, martin f krafft wrote:

> Why do the files need to be in /usr/share at all? Why not provide
> /etc/ssl/certs and /etc/ssl/certs/disabled and let the user use
> /bin/mv to enable/disable them.

Certificates are not configuration files so they should not be in
/etc.

On the other hand, the decision of which certificate files should be
USED _is_ a configuration decision, so that information should be under
/etc. So the current way of the certificates being under /usr/share and
symlinks to them being in /etc matches the intended (and expected) usage
of both /etc and /usr/share perfectly.

> At the same time, the debconf
> question about which ones to disable/enable could do exactly the
> same, and all the files would be proper configuration files that
> could be edited all the same.

The whole point of a certificate is that you CAN NOT edit it because
that would break the signature. You can only replace a certificate as a
whole, add a new one or delete an old one. Therefore it does not make
sense to list certificates as conffiles.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------



Reply to: