On Tue, 2005-04-19 at 16:07 -0400, John Dennis wrote: > I know this has been debated before, be we've got to make a decision and > move forward (in part because this is now gating some work on my > plate :-). I've had a hallway conversation with Nalin and Dan Walsh and > it was agreed this was the most palatable option at the moment (not > ideal, but a workable solution). ACK. While we're at it -- is there any way we could get the keys generated _after_ the install? We could have something in firstboot which collects all the information required for SSL certs, rather than just using 'SomeState' etc. Even if we don't take it that far, if we just generate the certs _without_ user input during the first boot sequence then we're at least likely to get a decent hostname instead of 'localhost.localdomain'. It's also been suggested that we should also assign random sequence numbers to generated certs, because people are seeing errors reported due to 'duplicate' autogenerated certs. -- dwmw2
