Re: changes to SSL config on debian.org hosts?

To: debian-admin <debian-admin@lists.debian.org>, debian-services-admin <debian-services-admin@lists.debian.org>
Subject: Re: changes to SSL config on debian.org hosts?
From: Luca Filipozzi <lfilipoz@debian.org>
Date: Sun, 21 Dec 2014 22:52:38 +0000
Message-id: <[🔎] 20141221225238.GA857@emyr.net>
In-reply-to: <[🔎] 1419158748.20810.78.camel@debian.org>
References: <[🔎] 1419158748.20810.78.camel@debian.org>

On Sun, Dec 21, 2014 at 06:45:48PM +0800, Paul Wise wrote:
> /etc/ssl/ca-certs-world should contain all CA certificates that are
> trusted by default in the ca-certificates package. This would be used
> for tools/services that need to verify certs for external services.
> Examples are the QA vcswatch service and the RTC service, which
> currently use manually setup versions of this.

As the DSA team member who made the manually set up version, would be very to
undo and make use of /etc/ssl/ca-certs-world, instead.

> The last two above would also get cert bundles in these paths for
> software that requires bundles instead of dirs.
> 
> /etc/ssl/ca-certs-debian/ca-certificates.crt
> /etc/ssl/ca-certs-world/ca-certificates.crt

The pedant in me prefers (equal path length CDO satisfied):

/etc/ssl/ca-certs-debian/
/etc/ssl/ca-certs-retail/

> We can choose different paths for the debian/world stuff of course.

CDO demands it.


-- 
Luca Filipozzi
http://www.crowdrise.com/SupportDebian

Reply to:

Follow-Ups:
- Re: changes to SSL config on debian.org hosts?
  - From: Luca Filipozzi <lfilipoz@debian.org>

References:
- changes to SSL config on debian.org hosts?
  - From: Paul Wise <pabs@debian.org>

Prev by Date: changes to SSL config on debian.org hosts?
Next by Date: Re: changes to SSL config on debian.org hosts?
Previous by thread: changes to SSL config on debian.org hosts?
Next by thread: Re: changes to SSL config on debian.org hosts?
Index(es):
- Date
- Thread