Package: dovecot-common
Version: 1:1.2.11-1
Severity: normal

Hi,

Currently the postinst generates a self-signed cert with -days 365.
Can we please make that more like -days 3650?

Rationale:  If a self-signed cert is sufficient, it's probably also
sufficient for something like the life of the machine it's running
on, in the absence of other intervention.  Having to update it every
year seems like something that might inure users to the idea that
"oh, it's that time of year again, I need to accept this new cert
again like last time" rather than really questioning why it changed.

If you want to get fancy, I guess it could be a low priority debconf
option to select the expiry, perhaps with a "do you want me to
generate one at all" question.  (that might partly address the other
concern raised in #d-d, that the postinst doesn't currently respect
the admin changes if dovecot.pem is deleted, and will create them
again on its next run).

The other issue that was noted there is that it currently assumes
openssl.cnf is not modified when it tries to answer the questions
that it expects (but I guess someone will report that as a separate
bug if they do modify it incompatibly ;)

Cheers,
Ron
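
An added example, not part of the original report and not the dovecot-common postinst: a shell sketch covering the three points raised above (a configurable validity period, not recreating a certificate the admin deleted, and no dependence on answering openssl.cnf prompts). The function names, the stamp file, the key file argument and the RSA 2048 / SHA-256 choices are assumptions made for illustration.

```shell
#!/bin/sh
# Illustration only; names and paths here are hypothetical.

# gen_selfsigned CERT KEY STAMP [DAYS] [CN]
# Creates a self-signed certificate at most once. The stamp file records
# that generation already happened, so a certificate the admin later
# deletes is not silently recreated on the next run.
gen_selfsigned() {
    cert=$1 key=$2 stamp=$3 days=${4:-3650} cn=${5:-}

    # Respect admin changes: existing files or a previous run mean "hands off".
    if [ -e "$stamp" ] || [ -e "$cert" ] || [ -e "$key" ]; then
        return 0
    fi

    [ -n "$cn" ] || cn=$(hostname 2>/dev/null || true)
    [ -n "$cn" ] || cn=localhost

    old_umask=$(umask)
    umask 077                      # private key must not be world-readable
    # -subj passes the subject on the command line, so nothing is typed
    # into prompts whose order depends on the local openssl.cnf.
    if ! openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 \
            -days "$days" -subj "/CN=$cn" \
            -keyout "$key" -out "$cert" 2>/dev/null; then
        umask "$old_umask"
        rm -f "$key" "$cert"       # leave no partial output behind
        return 1
    fi
    umask "$old_umask"
    chmod 644 "$cert"
    : > "$stamp"
}

# cert_valid_for CERT DAYS
# Succeeds if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
```

`cert_valid_for` can also run from a periodic job to report an approaching expiry, so that a changed certificate is an announced event rather than a surprise prompt in the mail client.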


