* Matthew Palmer <mpal...@debian.org> [2009-02-08 16:54-0500]: > On Sun, Feb 08, 2009 at 10:16:57PM +0100, martin f krafft wrote: > > also sprach Matthew Palmer <mpal...@debian.org> [2009.02.08.2203 +0100]: > > > That's how I do it (puppetmaster SSL in a separate directory), > > > > I'd like that to be default! > > And I'd like a pony.
I'll take a unicorn! > I'm not the package maintainer, so exclaiming at me isn't going to help your > case any. I'm merely stating that this configuration *can* work, and has > worked for me in production environments, so you can use that argument if > anyone says "that's not possible", or wants a reference implementation. One's default preferences, is another's pain in the ass to migrate everyone who has it setup the way it is now. Since I find the defaults perfectly fine, I'm happy to entertain that as a default, if you wanna come up with how to handle the migration of everyone has things setup the way things are now. > > > but you could also set an altName on the cert (there's an option > > > for it somewhere in the Great Pile, but I can't remember what it > > > is), so that your Puppetmaster's cert was for both vera and > > > puppetmaster. > > > > Why use one cert when you can use two though? > > Why use two when you can use three though? Why use two when you can just have one? For some more is better, for others less is more. There is no preference that will satisfy all, there is just the endless task of the maintainer to switch back and forth at the whim of the users who prefer it one way or the other. There probably is one thing that we can all agree on, this should be installed right away: http://cornify.com/ micah
signature.asc
Description: Digital signature
