On 11/27/10 1:09 PM, nodata wrote:
> On 27/11/10 16:44, Ralf Ertzinger wrote:
>> Hi.
>>
>> On Sat, 27 Nov 2010 16:15:47 +0100, nodata wrote
>>
>>> I don't agree. If you are replacing a production machine, you take
>>> the keys from the old machine and use them. If you don't want to do
>>> that, you buy new, probably stronger, certificates that are also
>>> valid. I think your case only covers self-signed certificates.
>> I agree, usually the keys from the old machine are imported into the new.
>> I do, however, question the usefulness of generating self signed keys
>> for 'localhost' or 'localhost.localdomain'. Is there any valid use
>> case for these?
> Not normally, no.
>
> localhost is a catchall for when either your hosts file is badly
> configured or you didn't configure networking yet. So we're back to the
> problem you mentioned of these things running from rpm scriptlets.
>
> Maybe the sshd approach would be better - generate at first run of the
> daemon?

There's no guarantee that the daemon is run while the machine is in a useful 
state... unless the script refuses to start while the hostname and domain name 
are unset...

-Philip

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
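
The first-run approach with the guard raised in the reply above, sketched as an added example that is not part of the original thread or of any Fedora package. The function names, the file paths passed in, the rule treating `localhost*` and `*.localdomain` as placeholders, and the key size and lifetime are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate a self-signed certificate on first daemon start,
# but refuse while the host still carries a placeholder name.

# Return 0 only if $1 looks like a configured host.domain name.
is_usable_fqdn() {
    name=$1
    case "$name" in
        ''|localhost|localhost.*|*.localdomain) return 1 ;;  # unset or catch-all
    esac
    case "$name" in
        .*|*.|*..*) return 1 ;;          # empty label
        *[!A-Za-z0-9.-]*) return 1 ;;    # not letters, digits, dot, hyphen
        *.*) return 0 ;;                 # has host and domain parts
    esac
    return 1                             # bare short name, no domain
}

# ensure_cert FQDN KEYFILE CERTFILE
# Returns 0 if a key pair already exists (e.g. imported from the old
# machine) or was generated now, 2 if the name is not usable yet.
ensure_cert() {
    fqdn=$1 key=$2 crt=$3
    [ -s "$key" ] && [ -s "$crt" ] && return 0
    if ! is_usable_fqdn "$fqdn"; then
        echo "refusing to generate certificate for '$fqdn'" >&2
        return 2
    fi
    # Subshell keeps the restrictive umask from leaking into the caller.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$fqdn" -keyout "$key" -out "$crt" 2>/dev/null )
}

# An init script would call, before starting the daemon:
#   ensure_cert "$(hostname -f)" /path/to/server.key /path/to/server.crt || exit 1
```

Because existing key files short-circuit the check, keys imported from a replaced production machine are never overwritten.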
