[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: ca-certificates symlinks out of /etc
From: Gabor Gombas <gombasg () sztaki ! hu>
Date: 2006-11-02 12:45:52
Message-ID: 20061102124551.GF18414 () boogie ! lpds ! sztaki ! hu
[Download RAW message or body]
On Thu, Nov 02, 2006 at 12:01:12PM +0100, martin f krafft wrote:
> Anyway, thanks for the discussion. I don't think I heard a single
> argument for using symlinks, other than to save 440k of space in
> /etc.
Symlinks just make _sense_. It's the idiocy of other OSes to duplicate
data because they have no proper notion of symlinks. I always hate
arguments like this to "make things worse for people who know UNIX
because there are some dumb users who don't".
So, here is a constructive solution for those who do not like symlinks
in /etc:
- Rebuild OpenSSL with X509_CERT_DIR in crypto/cryptlib.h defined as
"/etc/ssl/certs:/var/ssl/certs". I did not test it, but looking at the
OpenSSL sources It Should Just Work.
- Change ca-certificates to create the symlinks in /var/ssl/certs
instead in /etc/ssl/certs, and make it clear that the user should not
manually alter the contents of /var/ssl/certs or else he/she should
keep both pieces when something breaks.
- Declare /etc/ssl/certs to be the playground of the local sysadmin. No
package should touch anything inside it.
That gives you the best of both wolds with minimal efforts.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic