> On Jul 27, 2016, at 7:13 PM, Alan Bateman <alan.bate...@oracle.com> wrote: > > > > On 27/07/2016 10:45, Wang Weijun wrote: >> : >> I suggest we create a new special -keystore value "<<CACERTS>>" which acts >> like an alias of the cacerts file. Creating a new option means we have to >> document its relation with the existing -keystore option. The new name can >> also work with the -importkeystore command. >> >> Like this: >> >> keytool -list -keystore <<CACERTS>> >> >> The name is inspired by <<ALL FILES>> in FilePermission. I'm open to other >> styles. >> > I assume you mean to quote this as this will otherwise cause redirection when > used on the command line or in scripts.
Yes. Or just CACERTS? This will be ambiguous. > > In any case, it does seem a bit unusual to me. I would assume something like > `keytool -list -cacerts` would be easier. I realize it would mean disallowing > its usage with -keystore. How much is creating a new name or a new option worth? Do we plan to move cacerts again? Unless we backport it (I believe back porting a name is easier than an option), it is useless in writing a "cross-release" script. Another benefit is that we can invent new names later, say, user's own "cacerts" used by deployment. BTW, you said: > If there are existing scripts that are specifying the location then they will > continue to work. What does this mean? If we change the location, it sure will not work, and they are recommended to use the new style, whether a new name or a new option. Anyway the script must be modified. In fact, most likely the script is importing a cert into cacerts, and importing one to an non-existent file will succeed silently! --Max > > -Alan