On Thu, May 20, 2010 at 09:45:41AM +0200, Matthias Andree wrote:
>> The only race condition is when a trusted root is deleted which has the
>> same hash as a trusted root that stays, and the "hash.0" link needs to go
>> while the "hash.1" link stays. [...] This is substantially safer than
>> the crude "delete all links, then make new links" approach of c_rehash.
>
> Even if, let's extend the c_rehash tool because that's much less of a
> hassle and can later be included upstream if desired.
The patch you posted looks reasonable. In my case, the
backwards-compatible CApath, is only needed briefly, while I am installing
the new Postfix that links with 1.0.0. After that, I don't need the old
links, since the CApath in question is used by exactly one application.
I also wanted non-disruptive CApath updates...
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
