Re: RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]

2006-07-28 Thread James Westby
On (28/07/06 13:16), Lars Wirzenius wrote: > Fri, 2006-07-28 at 10:53 +0100, James Westby wrote: > I don't like it when people make using helper packages de facto > required. And debhelper isn't standard (meaning that you can expect > everyone to use it), merely very common. It is also very g

Re: RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]

2006-07-28 Thread Lars Wirzenius
Fri, 2006-07-28 at 10:53 +0100, James Westby wrote: > On (28/07/06 10:03), Lars Wirzenius wrote: > > Fri, 2006-07-28 at 00:03 +0100, James Westby wrote: > > > * Make it easier for package maintainers > > > - One extra dh_ call and maybe one more file in debian/ > > > > How badly

Re: RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]

2006-07-28 Thread James Westby
On (28/07/06 10:03), Lars Wirzenius wrote: > Fri, 2006-07-28 at 00:03 +0100, James Westby wrote: > > * Make it easier for package maintainers > > - One extra dh_ call and maybe one more file in debian/ > > How badly is this tied to debhelper? Any chance of designing it so that > it doe

Re: RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]

2006-07-28 Thread Lars Wirzenius
Fri, 2006-07-28 at 00:03 +0100, James Westby wrote: > * Make it easier for package maintainers > - One extra dh_ call and maybe one more file in debian/ How badly is this tied to debhelper? Any chance of designing it so that it doesn't require debhelper? -- One does not see anything

RFC: ssl-cert2 design [Was: Re: Using the SSL snakeoil certificate]

2006-07-27 Thread James Westby
Warning, long email. Executive summary. == * More consistent handling of SSL certs would be nice. * The proposed ssl-cert package is not in good shape. ssl-cert2 from http://jameswestby.net/debian/ssl-cert2-0.1.tar.gz aims to * Make it easier for package maintainers

Re: Using the SSL snakeoil certificate

2006-07-24 Thread Milan P. Stanic
On Mon, Jul 24, 2006 at 12:43:16PM +0200, Peter Palfrader wrote: > On Mon, 24 Jul 2006, Milan P. Stanic wrote: > > But then you must change all symlinks to that new real certificate. > > That's why on my systems all the service names symlink to > thishost.{pem,key} and that is itself a symlink to

Re: Using the SSL snakeoil certificate

2006-07-24 Thread Peter Palfrader
On Mon, 24 Jul 2006, Milan P. Stanic wrote: > On Sun, Jul 23, 2006 at 08:37:50PM +0200, Martin Schulze wrote: > > Milan P. Stanic wrote: > > > Sorry if I misunderstand something, but is it okay to call it snakeoil > > > if it is real certificate? I like to say that the symbolic links for > > > per

Re: Using the SSL snakeoil certificate

2006-07-24 Thread Milan P. Stanic
On Sun, Jul 23, 2006 at 08:37:50PM +0200, Martin Schulze wrote: > Milan P. Stanic wrote: > > Sorry if I misunderstand something, but is it okay to call it snakeoil > > if it is real certificate? I like to say that the symbolic links for > > per-service certificate shouldn't point to something calle

Re: Using the SSL snakeoil certificate

2006-07-23 Thread Martin Schulze
Milan P. Stanic wrote: > > For example: > > > > Dovecot uses . > > > > This is a symbolic link to if > > the above file or link does not exist during configuration of > > dovecot. > > > > That way, the admin can easily replace the symlink with a real > > certificate if they want per-ser

Re: Using the SSL snakeoil certificate

2006-07-20 Thread tony mancill
On Thu, Jul 20, 2006 at 11:24:34AM +0200, Martin Schulze wrote: > Hence, I propose to stay with virtual per-service certificates, but to > link them to the common snakeoil certificate from ssl-certificates > during configuration and only if there is no other setting. > > For example: > > Dovec

Re: Using the SSL snakeoil certificate

2006-07-20 Thread Milan P. Stanic
On Thu, Jul 20, 2006 at 11:24:34AM +0200, Martin Schulze wrote: > For example: > > Dovecot uses . > > This is a symbolic link to if > the above file or link does not exist during configuration of > dovecot. > > That way, the admin can easily replace the symlink with a real > certificate

Re: Using the SSL snakeoil certificate

2006-07-20 Thread Martin Schulze
(please copy debian-devel, feel free to bounce my mail there after you've done so, for others to be able to comment as well). Klaus Ethgen wrote: > On Thu, 20 Jul 2006 at 11:24, Martin Schulze wrote: > > > [one cert for all services] > > I believe that this is a good idea, however, I would lik

Re: Using the SSL snakeoil certificate

2006-07-20 Thread Klaus Ethgen
On Thu, 20 Jul 2006 at 11:24, Martin Schulze wrote: > > [one cert for all services] > I believe that this is a good idea, however, I would like to propose a > slightly different approach. > > At the moment, it seems that all applications use their

Re: Using the SSL snakeoil certificate

2006-07-20 Thread Martin Schulze
Jaldhar H. Vyas wrote: > In bug #376146, Martin Pitt wrote: > > > In an effort to clean up the SSL certificate mess on Ubuntu servers, we > > recently converted all our supported Server packages to make use of > > the ssl-cert package instead of creating a package-specific > > self-signed SSL cert

Re: Using the SSL snakeoil certificate

2006-07-04 Thread Adam Borowski
On Tue, Jul 04, 2006 at 02:38:30PM +0200, "Uwe A. P. Würdinger" wrote: > James Westby wrote: > >An estimate of the packages that generate a certificate in postinst > >(let's hope there are none that include them in the package) I tried: > > > >$ grep-available -FDepends openssl -sPackage -n | sor

Re: Using the SSL snakeoil certificate

2006-07-04 Thread Uwe A. P. Würdinger
James Westby wrote: On (03/07/06 23:34), Petter Reinholdtsen wrote: [Jaldhar H. Vyas] Is this a good idea for Debian? I think it is but it doesn't make sense to switch dovecot over unless all the other ssl-cert using packages also do it. Is this possible in the etch timeframe? Yes, it is

Re: Using the SSL snakeoil certificate

2006-07-03 Thread James Westby
On (03/07/06 23:34), Petter Reinholdtsen wrote: > > [Jaldhar H. Vyas] > > Is this a good idea for Debian? I think it is but it doesn't make > > sense to switch dovecot over unless all the other ssl-cert using > > packages also do it. Is this possible in the etch timeframe? > > Yes, it is a go

Re: Using the SSL snakeoil certificate

2006-07-03 Thread Petter Reinholdtsen
[Jaldhar H. Vyas] > Is this a good idea for Debian? I think it is but it doesn't make > sense to switch dovecot over unless all the other ssl-cert using > packages also do it. Is this possible in the etch timeframe? Yes, it is a good idea to make the SSL certificate handling in Debian package

Re: Using the SSL snakeoil certificate

2006-07-02 Thread Henrique de Moraes Holschuh
On Mon, 03 Jul 2006, Brian May wrote: > I don't expect such a system to implement virtual hosting without > system administrator intervention, but a naming convention for the files We must make this intervention easy, but other than that... > that supports virtual hosts would be even better IMHO,

Re: Using the SSL snakeoil certificate

2006-07-02 Thread Brian May
> "Jaldhar" == Jaldhar H Vyas <[EMAIL PROTECTED]> writes: >> In an effort to clean up the SSL certificate mess on Ubuntu >> servers, we recently converted all our supported Server >> packages to make use of the ssl-cert package instead of >> creating a package-specific self-sig

Re: Using the SSL snakeoil certificate

2006-06-30 Thread James Westby
On (30/06/06 10:51), Jaldhar H. Vyas wrote: > Following up to myself with a proper subject line. > > In bug #376146, Martin Pitt wrote: > > > In an effort to clean up the SSL certificate mess on Ubuntu servers, we > > recently converted all our supported Server packages to make use of > > the ssl