Re: ca-certificates symlinks out of /etc
On Thu, Nov 02, 2006 at 02:24:33PM +0100, martin f krafft wrote:

> Why do the files need to be in /usr/share at all? Why not provide
> /etc/ssl/certs and /etc/ssl/certs/disabled and let the user use
> /bin/mv to enable/disable them.

Certificates are not configuration files so they should not be in
/etc.

On the other hand, the decision of which certificate files should be
USED _is_ a configuration decision, so that information should be under
/etc. So the current way of the certificates being under /usr/share and
symlinks to them being in /etc matches the intended (and expected) usage
of both /etc and /usr/share perfectly.

> At the same time, the debconf
> question about which ones to disable/enable could do exactly the
> same, and all the files would be proper configuration files that
> could be edited all the same.

The whole point of a certificate is that you CAN NOT edit it because
that would break the signature. You can only replace a certificate as a
whole, add a new one or delete an old one. Therefore it does not make
sense to list certificates as conffiles.

Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
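
An added example, not part of the original message or of the ca-certificates package: a shell function that audits the layout discussed above, reporting for each entry of a certificate directory whether it is a symlink into the shared store, a symlink to somewhere else, a dangling link, or a regular file placed there directly. The function name and the status words are made up for this example, both directories are passed as arguments, and `readlink -f` (GNU coreutils) is assumed to be available.

```shell
#!/bin/sh
# Added example: classify every entry in a certificate directory by where
# the file it names really lives. Nothing is hard-coded; pass both paths.
#
# Output, one line per entry:
#   enabled   <name>   symlink that resolves to a file inside the store
#   foreign   <name>   symlink that resolves to a file outside the store
#   dangling  <name>   symlink whose target no longer exists
#   local     <name>   regular file placed directly in the directory
# Exit status: 0 if every entry is "enabled", 1 otherwise, 2 on bad arguments.
audit_cert_links() {
    certs_dir=$1
    [ -d "$certs_dir" ] || return 2
    # Resolve the store path once so the prefix comparison below is not
    # fooled by symlinked parent directories.
    store_dir=$(readlink -f "$2") || return 2
    rc=0
    for entry in "$certs_dir"/*; do
        name=${entry##*/}
        if [ -L "$entry" ]; then
            if [ ! -e "$entry" ]; then
                echo "dangling $name"; rc=1
                continue
            fi
            # -f follows the whole chain, so a link to another link in the
            # same directory is judged by its final target.
            target=$(readlink -f "$entry")
            case $target in
                "$store_dir"/*) echo "enabled $name" ;;
                *)              echo "foreign $name"; rc=1 ;;
            esac
        elif [ -f "$entry" ]; then
            echo "local $name"; rc=1
        fi
        # Subdirectories are skipped.
    done
    return $rc
}
```

Called as `audit_cert_links /etc/ssl/certs /usr/share/ca-certificates`, it lists which entries follow the symlink arrangement described in the message and which do not.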