James Westby schrieb:
On (03/07/06 23:34), Petter Reinholdtsen wrote:
[Jaldhar H. Vyas]
Is this is a good idea for Debian?  I think it is but it doesn't make
sense to switch dovecot over unless all the other ssl-cert using
packages also do it. Is this possible in the etch timeframe?
Yes, it is a good idea to make the SSL certificate handling in Debian
packages more consistent.  In Debian-Edu, we install and automatically
configure several services with SSL certiciates, like imap, ldap and
webmin, and it is a pain to handle all the ways SSL-certificates are
generated. :)


So, as this proposal seemed to provoke a response that was somewhere between non-caring and enthusiastic I thought I would look in to the
possibility of doing this.

An estimate of the pacakages that generate a certificate in postinst
(lets hope there are none that include them in the package) I tried:

$ grep-available -FDepends openssl -sPackage -n | sort

    apache-ssl
    apache2-common
    ca-certificates
    courier-imap-ssl
    courier-ssl
    dovecot-common
    dsniff
    ejabberd
    exim-tls
    freeswan
    ftpd-ssl
    httping
    ipopd
    libapache-mod-ssl
    libmultisync-plugin-syncml
    nessusd
    openoffice.org-core
    partimage-server
    python-pyopenssl
    ssl-cert
    ssleay
    sslwrap
    stone-ssl
    stunnel
    stunnel4
    telnetd-ssl
    tinyca
    ultrapossum-tls
    usermin
    uw-imapd
    webmin

Well there are a number of packages out there that can use X509 Certs but don't do so now as per default for example lighttpd.

racoon seems to be missing as well but it doesn't look to be in good shape (in testing) anyway.

I'd like to help but I'm not a DD.

greets Uwe
--
http://www.x-tec.de
http://www.highspeed-firewall.de


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to