Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=474549 --- Comment #31 from David Woodhouse <dwmw2@xxxxxxxxxxxxx> 2010-07-30 08:18:35 EDT --- The %post and %preun scripts look like they'll be fine for now for the NSS database, but I don't think /etc/pki/tls/certs/*.0 is going to be OK. Even if our OpenSSL is looking there by default and not just at the single file in /etc/pki/tls/cert.pem (which I'm not convinced about), there is also a significant chance of filename collisions. If I make a package for my company's internal trust chains, I might *also* have a CA with a hash of 590d426f or 99d0fa06 -- and then one of the files would need to be called 590d426f.1 or 99d0fa06.1. This can only be handled with some kind of post-processing step like Debian's update-ca-certificates script -- as discussed in bug 466626. Sascha, can you be tempted to port/implement that? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review