[Bug 223633] Review Request: csync2 - A cluster synchronization tool
bugzilla at redhat.com
bugzilla at redhat.com
Wed Jan 24 23:09:52 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: csync2 - A cluster synchronization tool
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223633
------- Additional Comments From wolfy at nobugconsulting.ro 2007-01-24 18:09 EST -------
I am sorry, but I definitely MUST veto the inclusion of certificates in the
binary rpm. The reason is that this would lead to each and every computer where
the rpm is installed to have the very same certificates. Which kind of defeats
the whole purpose of certificates.
If you want to help the users, you could use for instance one of the
following approaches:
a)
- extract the certificate generation part from the Makefile included in sources
and save it as a separate mkcert.sh
- install this file as a %doc
- document it in the README.FEDORA file I have suggested in comment #7
b)
- generate the certificates in %post
Personally I believe that the first approach is better, allowing for the
admins to have the certificates generated only if they feel like needing them.
You could take a look at mod_ssl and dovecot. The first one includes the
directories where Apache SSL certificates are to be stored, as well as the
scripts needed to generate the certificates, but does not include the
certificates themselves. In addition a set of sample certificates are generated
at install time. A cleaner approach (in my opinion...) is used by dovecot which
includes a dovecot-openssl.cnf file (in /etc/pki) and a mkcert.sh script
(included as doc/sample).
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list