Re: Debian Policy about administrator X.509 certificate stores [was: Re: dovecot-common: please do not use /etc/ssl/certs for end-entity X.509 certificates (/etc/ssl/certs/dovecot.pem)]

[Daniel Kahn Gillmor]

On 04/07/2012 12:46 PM, Kurt Roeckx wrote:

> At least the certdata.txt file contains the information, you can
> edit in iceweasel/firefox.

edit at runtime or at compile time?  system administrators ideally
shouldn't have to recompile packages in order to add or drop system-wide
default reliance on a given CA.

> The information only gets lots when the ca-certificates package is created.

I think you mean "lost" here, right?  Can you propose a mechanism such
that this info would not get lost?

        --dkg

signature.asc
Description: OpenPGP digital signature