On Tue, Sep 07, 2004 at 10:17:41AM +0200, Andreas Schuldei wrote: > practically, to be properly packaged for debian and debian-edu, i > would like to see it operate with ssl by default, so no password > go over the wire (or air, in case of wlan!) in the clear.
I propose to create the following packages: schoolbell-ssl: This depends on apache-ssl and sets up an apache virtual host that proxys all requests to the schoolbell-ssl server. So communication to apache-ssl from the outside world is over https and communication from apache-ssl to schoolbell-ssl over 127.0.0.1 is in the clear. By default the schoolbell-ssl server will only listen on 127.0.0.1. (My computer is currently set up in this way, I only have to generalize the config and put it in a package) However, the SSL certificate for apache-ssl will still need to be set up by the user or possibly through debconf pre-seeding. schoolbell: Does not depend on apache-ssl and by default listens to all interfaces with all communication in the clear. Uses a different port/database/config file to schoolbell-ssl so both packages are installable at the same time with default configurations and will not stomp each other. schoolbell-common: The arch-indep part of the program without configuration. libschoolbell: The few arch-dependent .so files that are needed. Rationale: * It is important to provide a package without a dependency on apache-ssl as some people will not want to install this. Unfortunately this package cannot use ssl by default. Comments? -- Brian Sutherland

