[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: changes to SSL config on debian.org hosts?

On Sun, Dec 21, 2014 at 06:45:48PM +0800, Paul Wise wrote:
> /etc/ssl/ca-certs-world should contain all CA certificates that are
> trusted by default in the ca-certificates package. This would be used
> for tools/services that need to verify certs for external services.
> Examples are the QA vcswatch service and the RTC service, which
> currently use manually setup versions of this.

As the DSA team member who made the manually set up version, would be very to
undo and make use of /etc/ssl/ca-certs-world, instead.

> The last two above would also get cert bundles in these paths for
> software that requires bundles instead of dirs.
> /etc/ssl/ca-certs-debian/ca-certificates.crt
> /etc/ssl/ca-certs-world/ca-certificates.crt

The pedant in me prefers (equal path length CDO satisfied):


> We can choose different paths for the debian/world stuff of course.

CDO demands it.

Luca Filipozzi

Reply to: