[Pki-devel] [PATCH] 38-2 Fixes for review comments on [PATCH] 38 Fixes for trac tickets #509 and #525
Ade Lee
alee at redhat.com
Thu Mar 21 05:46:13 UTC 2013
See comments below:
On Wed, 2013-03-20 at 09:15 -0400, Abhishek Koneru wrote:
> Please review the attached patch with fixes for review comments given
> for patch 38.
>
> --Abhishek
>
> On Tue, 2013-03-19 at 11:11 -0400, Ade Lee wrote:
> > Comments:
> >
> > 1. In pkispawn, in the section "KRA, OCSP, or TKS using default
> > configuration": rather than explaining that myconfig.txt is the same as
> > the above section with an additional parameter, its clearer just to
> > print out a new myconfig.txt as in the previous section. You still want
> > to mention though that the security domain password is the same as the
> > admin password for the CA. Note the typo "whick".
> >
> > 2. The line adding the signing subordinate DN is too long, partly
> > because it repeats itself. Shorten to fit on line if possible.
> >
This line is still too long. Try to make it fit within 80 characters.
You could shorten to cn=CA Subordinate Signing,o=example.com for
example.
>
> > 3. Also in that section, there should be a note about the subordinate
> > CA subject DN having to be different from the root CA signing subject
> > DN. See a corresponding note in the "externally signed CA section"
> >
The note is fine - but add a line before the note to separate from the
previous paragraph.
> > 4. In sample.cfg, change the comment to:
> > +##Required for all subsystems that are not root CAs
> >
> > 5. The sample files for KRA, TKS etc. like sampleKRA-OCSP-TKSclone.cfg
> > are a little confusing. Rather pick one of these -- a KRA for
> > instances and provide a sample instead. So in this case,
> > [KRA/OCSP/TKS] -> [KRA]
I still see the heading [KRA/OCSP/TKS] in your sample config files.
> >
> > On Fri, 2013-03-15 at 22:20 -0400, Abhishek Koneru wrote:
> > > Please review the attached patch with fixes for incorrect information in pkispawn man page.
> > > Also added the sample config files for different installations of pki subsystems.
> > >
> > > --Abhishek
> > > _______________________________________________
> > > Pki-devel mailing list
> > > Pki-devel at redhat.com
> > > https://www.redhat.com/mailman/listinfo/pki-devel
> >
> >
>
More information about the Pki-devel
mailing list