On Thu, Nov 02, 2006 at 12:01:12PM +0100, martin f krafft wrote: > Anyway, thanks for the discussion. I don't think I heard a single > argument for using symlinks, other than to save 440k of space in > /etc.
Symlinks just make _sense_. It's the idiocy of other OSes to duplicate data because they have no proper notion of symlinks. I always hate arguments like this to "make things worse for people who know UNIX because there are some dumb users who don't". So, here is a constructive solution for those who do not like symlinks in /etc: - Rebuild OpenSSL with X509_CERT_DIR in crypto/cryptlib.h defined as "/etc/ssl/certs:/var/ssl/certs". I did not test it, but looking at the OpenSSL sources It Should Just Work. - Change ca-certificates to create the symlinks in /var/ssl/certs instead in /etc/ssl/certs, and make it clear that the user should not manually alter the contents of /var/ssl/certs or else he/she should keep both pieces when something breaks. - Declare /etc/ssl/certs to be the playground of the local sysadmin. No package should touch anything inside it. That gives you the best of both wolds with minimal efforts. Gabor -- --------------------------------------------------------- MTA SZTAKI Computer and Automation Research Institute Hungarian Academy of Sciences ---------------------------------------------------------