Public key infrastructure
Jean-Rene Cormier
jrc at jrcormier.com
Wed Jul 26 22:17:54 UTC 2006
On Wed, 2006-07-26 at 22:49 +0200, Joachim Selke wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ralf Ertzinger wrote:
> >> They are generated in %post, see the last paragraph. The files
> >> probably show up in rpm lists because they are marked
> >> ghost/noreplace/missingok config files.
> >
> > This may be a wild idea, but how about creating a self signed
> > CA (by %post in the package which owns /etc/pki), and have all
> > other programs that need certificates automatically create certificates
> > under that CA?
>
> That sounds good to me.
>
> Tomorrow I am going to rewrite the draft at
> <http://fedoraproject.org/wiki/PackagingDrafts/Certificates> and include
> your comment and others.
Also if the certificates are going to be created automatically you have
to make sure it won't overwrite the ones that are already there.
--
Jean-Rene Cormier <jrc at jrcormier.com>
More information about the fedora-devel-list
mailing list