Bug#679751: please clarify package account and home directory location in policy
Marc Haber <mh+debian-packages@zugschlus.de> writes:
> On Mon, Jul 02, 2012 at 02:29:53PM -0700, Russ Allbery wrote:
>> Ah, okay. For that use case, the only thing that you would care about the
>> user home directory containing is the authorized_keys file, correct?
> known_hosts and the key itself.
Oh, right, for the client. Yes, yes.
Well, personally I would not consider either the client's key or the
known_hosts file to be configuration files. Why not generate the client's
key automatically with ssh-keygen on client package installation, and then
let it discover the known_hosts configuration via some mechanism, leaving
both of those in /var/lib? That would satisfy the requirement that the
admin not have to touch things in /var/lib to make the package work, and
would also simplify setup (since then building the authorized_keys file is
just a matter of catting together the id_rsa.pub files). You could of
course still document the file locations so that admins *could* override
things if they wanted, which I think is still within Policy.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
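
The approach suggested in this message, sketched as maintainer-script helpers. This is an added example, not code from the thread or from any Debian package; the package name `examplepkg`, the paths and the function names are hypothetical. It goes one step beyond plain concatenation by accepting only single-line `ssh-rsa` public keys when building authorized_keys.

```shell
#!/bin/sh
# Added example; "examplepkg" and every path below are hypothetical placeholders.
STATE_DIR="${STATE_DIR:-/var/lib/examplepkg}"

# Client side (e.g. called from postinst "configure"): create the key once,
# keep it across upgrades, never leave it group/world readable.
# The body is a subshell, so the umask change does not leak to the caller.
generate_client_key() (
    key="$STATE_DIR/.ssh/id_rsa"
    umask 077
    mkdir -p "$STATE_DIR/.ssh"
    if [ ! -s "$key" ]; then             # idempotent: keep an existing key
        ssh-keygen -q -t rsa -N '' -C "examplepkg@$(uname -n)" -f "$key"
    fi
)

# Server side: build authorized_keys from collected id_rsa.pub files.
# A file is accepted only if it is exactly one line that starts with the key
# type, so a collected file cannot carry options (command=...) or extra keys.
build_authorized_keys() (
    src_dir="$1"; out="$2"
    umask 077
    tmp="$(mktemp "$out.XXXXXX")" || exit 1
    for pub in "$src_dir"/*.pub; do
        [ -f "$pub" ] || continue
        if [ "$(grep -c '' "$pub")" -eq 1 ] &&
           grep -E '^ssh-rsa [A-Za-z0-9+/]+=*( .*)?$' "$pub" >> "$tmp"; then
            :                            # grep already appended the key line
        else
            echo "skipping malformed key file: $pub" >&2
        fi
    done
    mv "$tmp" "$out"                     # replace the old file in one step
)
```
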