Adding CA certficates outside of ca-certificates (see ITP #666229)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I would like to include the CA distribution of the IGTF
(www.igtf.net), which is an international collaboration of CAs for use
in the e-science communities (i.e. scientific grid computing & cloud
computing).
The certificates in this collection are typically used for service
certificates (compute & storage endpoints, authentication services,
etc.) and user certificates. They are not commonly used for normal web
servers. That is why I don't think they should be included in the
ca-certificates package.
There seems to be no real way to include extra ca-certificates-*
packages at the moment. I've tried to conform as much as possible to
the structure of the ca-certificates package, and the way I've
packaged it right now is that the administrator has the choice to
include individual certificates from IGTF in /etc/ssl upon
reconfiguring ca-certficates.
http://mentors.debian.net/package/igtf-policy-bundle
The policy bundle offers a choice of opt-in or opt-out, so it's easy
to enable 'all but a few' or 'none but a few' certificates. And
enabling here means placing symlinks in
/etc/grid-security/certificates, which is the de facto place for grid
middleware to look for certificates.
I welcome thoughts and comments on this work.
Best,
Dennis van Dok
- --
D.H. van Dok :: Software Engineer :: www.nikhef.nl :: www.biggrid.nl
Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+MIk4ACgkQIITq5lEwLHe5+gCeI2/DS4xpSkJxLmHpyR8VkQqX
2LkAn1veYyGNIdzx9QiLVvkQ0dCivRhK
=JeQF
-----END PGP SIGNATURE-----
Reply to: