The choice to not add the xrdp user to the ssl-cert group OOTB decreases
connection security unnecessarily until done manually.
Furthermore, it doesn't make sense to make the ssl-cert package a strict
dependency, if it isn't usable by XRDP without manual setup.
If the opinion here is "if you do not have basic Debian admin knowledge,
it is your own problem", then I suggest to remove the ssl-cert
dependency consequently, as setting up a proper non-snakeiol TLS cert is
just within the same range of knowledge.
Otherwise, to just make it friendly for all admins, including those new
to Debian or Linux in general, without any downsides, just "usermod -aG
ssl-cert xrdp" and everyone has encryption enabled OOTB.
Best regards,
Micha
