Package: postgresql-common Severity: wishlist Hi there!
It would be preferable to have a seperate private key and certificate for the postgresql server, instead of using the snakeoil certificate by default. I'd propose that you use make-ssl-cert (from ssl-cert, which is already depended on) to create a "postgresql.(pem|key)" and use these. Other packages (like dovecot, courier, ejabberd, ...) already do this. I fully understand that this makes no difference for security purposes, but it would make certificate/key management easier and more obvious. After the recent PRNG problems it took me quite a bit to find all used SSL certificates, and I /thought/ the snakeoil cert was unused, only to find that postgresql wouldn't (re-)start after the removal of ssl-cert-snakeoil.pem. Feel free to close this bug if you think this is a no-no. Thanks, Christian -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) -- Christian Hofstaedtler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]