On 10/08/2010 18:27, [email protected] wrote:
Ok, after reading your explanation, I agree that asking OpenSSL doesn't sound ideal. I'm wondering if it would be better to configure the CA path as an image-property.
I was originally going to suggest exactly that, but felt it was over kill for now.
> This means that we pick a default initially,
but that the user/administrator could change it by using the 'pkg set-property' command. Does this seem useful, or would this open us up to more security problems instead?
It might be useful and I don't see any security problems it could cause. In fact for user images (I think that is what they are called, I mean those that aren't an OpenSolaris bootable image or Zone root) it would be useful to point elsewhere sometimes (like using /etc/openssl/ instead of somewhere inside the image).
-- Darren J Moffat _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
