pe, 2006-07-28 kello 00:03 +0100, James Westby kirjoitti:
* Make it easier for package maintainers
- One extra dh_ call and maybe one more file in debian/
How badly is this tied to debhelper? Any chance of designing it so that
it doesn't require debhelper?
--
One does not see anything
On (28/07/06 10:03), Lars Wirzenius wrote:
pe, 2006-07-28 kello 00:03 +0100, James Westby kirjoitti:
* Make it easier for package maintainers
- One extra dh_ call and maybe one more file in debian/
How badly is this tied to debhelper? Any chance of designing it so that
it doesn't
pe, 2006-07-28 kello 10:53 +0100, James Westby kirjoitti:
On (28/07/06 10:03), Lars Wirzenius wrote:
pe, 2006-07-28 kello 00:03 +0100, James Westby kirjoitti:
* Make it easier for package maintainers
- One extra dh_ call and maybe one more file in debian/
How badly is this tied
On (28/07/06 13:16), Lars Wirzenius wrote:
pe, 2006-07-28 kello 10:53 +0100, James Westby kirjoitti:
I don't like it when people make using helper packages de facto
required. And debhelper isn't standard (meaning that you can expect
everyone to use it), merely very common. It is also very
Warning, long email.
Executive summary.
==
* More consistent handling of SSL certs would be nice.
* The proposed ssl-cert package is not in good shape.
ssl-cert2 from http://jameswestby.net/debian/ssl-cert2-0.1.tar.gz
aims to
* Make it easier for package maintainers
On Sun, Jul 23, 2006 at 08:37:50PM +0200, Martin Schulze wrote:
Milan P. Stanic wrote:
Sorry if I misunderstand something, but is it okay to call it snakeoil
if it is real certificate? I like to say that the symbolic links for
per-service certificate shouldn't point to something called
On Mon, 24 Jul 2006, Milan P. Stanic wrote:
On Sun, Jul 23, 2006 at 08:37:50PM +0200, Martin Schulze wrote:
Milan P. Stanic wrote:
Sorry if I misunderstand something, but is it okay to call it snakeoil
if it is real certificate? I like to say that the symbolic links for
per-service
On Mon, Jul 24, 2006 at 12:43:16PM +0200, Peter Palfrader wrote:
On Mon, 24 Jul 2006, Milan P. Stanic wrote:
But then you must change all symlinks to that new real certificate.
That's why on my systems all the service names symlink to
thishost.{pem,key} and that is itself a symlink to the
Milan P. Stanic wrote:
For example:
Dovecot uses /etc/ssl/certs/dovecot.pem.
This is a symbolic link to /etc/ssl/certs/ssl-cert-snakeoil.pem if
the above file or link does not exist during configuration of
dovecot.
That way, the admin can easily replace the symlink
Jaldhar H. Vyas wrote:
In bug #376146, Martin Pitt wrote:
In an effort to clean up the SSL certificate mess on Ubuntu servers, we
recently converted all our supported Server packages to make use of
the ssl-cert package instead of creating a package-specific
self-signed SSL certificate.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Do den 20. Jul 2006 um 11:24 schrieb Martin Schulze:
[one cert for all services]
I believe that this is a good idea, however, I would like to propose a
slightly different approach.
At the moment, it seems that all applications use their own
(please copy debian-devel, feel free to bounce my mail there after
you've done so, for others to be able to comment as well).
Klaus Ethgen wrote:
Am Do den 20. Jul 2006 um 11:24 schrieb Martin Schulze:
[one cert for all services]
I believe that this is a good idea, however, I would like to
On Thu, Jul 20, 2006 at 11:24:34AM +0200, Martin Schulze wrote:
For example:
Dovecot uses /etc/ssl/certs/dovecot.pem.
This is a symbolic link to /etc/ssl/certs/ssl-cert-snakeoil.pem if
the above file or link does not exist during configuration of
dovecot.
That way, the admin
On Thu, Jul 20, 2006 at 11:24:34AM +0200, Martin Schulze wrote:
Hence, I propose to stay with virtual per-service certificates, but to
link them to the common snakeoil certificate from ssl-certificates
during configuration and only if there is no other setting.
For example:
Dovecot
James Westby schrieb:
On (03/07/06 23:34), Petter Reinholdtsen wrote:
[Jaldhar H. Vyas]
Is this is a good idea for Debian? I think it is but it doesn't make
sense to switch dovecot over unless all the other ssl-cert using
packages also do it. Is this possible in the etch timeframe?
Yes, it
On Tue, Jul 04, 2006 at 02:38:30PM +0200, Uwe A. P. Würdinger wrote:
James Westby schrieb:
An estimate of the pacakages that generate a certificate in postinst
(lets hope there are none that include them in the package) I tried:
$ grep-available -FDepends openssl -sPackage -n | sort
Well
[Jaldhar H. Vyas]
Is this is a good idea for Debian? I think it is but it doesn't make
sense to switch dovecot over unless all the other ssl-cert using
packages also do it. Is this possible in the etch timeframe?
Yes, it is a good idea to make the SSL certificate handling in Debian
packages
On (03/07/06 23:34), Petter Reinholdtsen wrote:
[Jaldhar H. Vyas]
Is this is a good idea for Debian? I think it is but it doesn't make
sense to switch dovecot over unless all the other ssl-cert using
packages also do it. Is this possible in the etch timeframe?
Yes, it is a good idea
Jaldhar == Jaldhar H Vyas [EMAIL PROTECTED] writes:
In an effort to clean up the SSL certificate mess on Ubuntu
servers, we recently converted all our supported Server
packages to make use of the ssl-cert package instead of
creating a package-specific self-signed SSL
On Mon, 03 Jul 2006, Brian May wrote:
I don't expect such a system to implement virtual hosting without
system administrator intervention, but a naming convention for the files
We must make this intervention easy, but other than that...
that supports virtual hosts would be even better IMHO,
Following up to myself with a proper subject line.
In bug #376146, Martin Pitt wrote:
In an effort to clean up the SSL certificate mess on Ubuntu servers, we
recently converted all our supported Server packages to make use of
the ssl-cert package instead of creating a package-specific
On (30/06/06 10:51), Jaldhar H. Vyas wrote:
Following up to myself with a proper subject line.
In bug #376146, Martin Pitt wrote:
In an effort to clean up the SSL certificate mess on Ubuntu servers, we
recently converted all our supported Server packages to make use of
the ssl-cert
22 matches
Mail list logo