Hi Dennis. Running the LMU-LRZ Tier-2 this is quite good news, however.. On Thu, 2012-03-29 at 23:29 +0200, Dennis van Dok wrote: > The certificates are kept in /usr/share/igtf-policy/ and > /usr/share/ca-certificates/igtf-*/. Why two locations (i.e. why the one outside of /usr/share/ca-certificates/) > They are meant to be placed in > /etc/grid-security/certificates, where the commonly used grid middleware > will look for it; it is also possible to include (some of) the certificates > in /etc/ssl/certs by using dpkg-reconfigure ca-certificates. Well here the problems start, IMHO. I always considered the whole /etc/grid-security/ quite broken and not more than a quite and dirty hack to ease up life with multiple grid apps. It more or less contradicts the way certificates are meant to be handled in Debian (i.e. ca-certificates). Are you going to automatically create /etc/grid-security/certificates and put links in there? Will it be possible to configure only selected CAs? Will you integrated into ca-certificates (i.e. which certs-get enabled and not)? Probably not all certificates in IGTF should show up in what ca-certificates creates (i.e. SLCS and MLCS). btw: Are you going to provide backports or better said "volatile" support? When you're from NIKHEF you can probably easily get David's OpenPGP key in a secure way to add only securely downloaded igtf bundles to Debian :) Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature