https://bugzilla.redhat.com/show_bug.cgi?id=2078592
Petr Menšík <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |fedora-review? CC| |[email protected] Status|NEW |ASSIGNED Assignee|[email protected] |[email protected] --- Comment #2 from Petr Menšík <[email protected]> --- Taking the review. I am not sure why /etc/rhsm/ca directory were chosen. I think much more appropriate would be something like /etc/pki/rhsm. Could it maybe use symlinks to pki for backward compatibility and move certificates to /etc/pki, where I think this kind of content belongs. Those pem files do not have %config(noreplace) tag. Are they configuration files or not? Either they should have %config(noreplace) for *.pem files or those files should be in /usr/share/pki/rhsm. If backward compatibility were symlink, they would allow simple replacement in /etc/rhsm with locally configured data. I would suggest checking at least validity of certificates in %check section. For example by openssl tool: for PEM in *.pem; do openssl x509 -in $PEM -noout -checkend 0 done -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2078592 _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
