Matching debian's existing practice of using the ssl-cert group is the right thing to do here.
The keys should have something like 640 perms and root:ssl-cert ownership. (root until the package works as a non-root user, but still chgrp ssl-cert if the user running it is root or in that group.) -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
