
Bug#679751: please clarify package account and home directory location in policy



Marc Haber <mh+debian-packages@zugschlus.de> writes:
> On Mon, Jul 02, 2012 at 02:29:53PM -0700, Russ Allbery wrote:

>> Ah, okay.  For that use case, the only thing that you would care about the
>> user home directory containing is the authorized_keys file, correct?

> known_hosts and the key itself.

Oh, right, for the client.  Yes, yes.

Well, personally I would not consider either the client's key or the
known_hosts file to be configuration files.  Why not generate the client's
key automatically with ssh-keygen on client package installation, and then
let it discover the known_hosts configuration via some mechanism, leaving
both of those in /var/lib?  That would satisfy the requirement that the
admin not have to touch things in /var/lib to make the package work, and
would also simplify setup (since then building the authorized_keys file is
just a matter of catting together the id_rsa.pub files).  You could of
course still document the file locations so that admins *could* override
things if they wanted, which I think is still within Policy.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
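
The setup suggested in the message above, sketched as an added example that is not part of the original message or of any Debian package: the package name `examplepkg`, the state directory and both function names are hypothetical. It goes one step beyond plain concatenation by accepting a collected `.pub` file only if it is a single bare public-key line, so a submitted file cannot carry options or extra keys into `authorized_keys`.

```shell
#!/bin/sh
# Added illustration: "examplepkg" and all paths are hypothetical.
STATE_DIR="${STATE_DIR:-/var/lib/examplepkg}"

# Client postinst step: create the key once, never overwrite an existing one.
generate_client_key() {
    key="$STATE_DIR/.ssh/id_rsa"
    [ -f "$key" ] && return 0
    mkdir -p "$STATE_DIR/.ssh" && chmod 700 "$STATE_DIR/.ssh" || return 1
    ssh-keygen -q -t rsa -b 4096 -N '' -C "examplepkg@$(hostname)" -f "$key"
}

# Server side: build authorized_keys from collected id_rsa.pub files.
# A file is accepted only if it holds exactly one line of the form
# "<key-type> <base64> [comment]". This is a format check only; it does
# not prove the base64 blob is a well-formed key.
# Usage: build_authorized_keys OUTFILE PUBFILE...
build_authorized_keys() {
    out="$1"; shift
    tmp="$out.tmp.$$"
    ( umask 077 && : > "$tmp" ) || return 1   # new file is mode 0600
    for pub in "$@"; do
        if [ "$(grep -c '' "$pub" 2>/dev/null)" = 1 ] &&
           grep -Eq '^(ssh-rsa|ssh-ed25519) [A-Za-z0-9+/]+=* ?[A-Za-z0-9@._-]*$' "$pub"
        then
            # Re-emit with exactly one trailing newline.
            printf '%s\n' "$(cat "$pub")" >> "$tmp"
        else
            echo "skipping $pub: not a single plain public key" >&2
        fi
    done
    mv "$tmp" "$out"    # atomic replace when on the same filesystem
}
```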


