On Sat, 1 Oct 2005, Lars Wirzenius wrote: > It would thus make sense to me to creates some helper commands to take > care of this properly. Something like: > > openssl-autocreate-certificate $PACKAGENAME > openssl-autoremove-certificate $PACKAGENAME > > plus other options, if necessary. Gnutls may want its own versions, I > don't know. > > The first command would create a self-signed certificate with sensible > parameters and place it in the correct locations, named after the > package. It also stores the MD5 checksum (or full copy) of the key > in /var/lib/something. If such a certificate already exists, the command > obviously does nothing. > > The second command would check that the certificate to be removed > matches the checksum (or full key) in /var/lib/something, and if so, > removes it, and if not, does nothing. > > Does this sound sensible to you? >
I remember thinking the same thing a long time ago and I may have even got as far as discussing it on debian-devel or IRC. But I didn't feel comfortable doing it myself. (To tell you the truth, the cert-generating code is just cut-and-pasted from other packages) Nobody else ran with it and so it just fell by the wayside. It is definitely a good idea though. -- Jaldhar H. Vyas <[EMAIL PROTECTED]> La Salle Debain - http://www.braincells.com/debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
