https://bugzilla.redhat.com/show_bug.cgi?id=474549

--- Comment #32 from Sascha Thomas Spreitzer <sspreitzer@xxxxxxxxxxxxxxxxx> 2010-08-02 06:42:06 EDT ---
(In reply to comment #31)
> The %post and %preun scripts look like they'll be fine for now for the NSS
> database, but I don't think /etc/pki/tls/certs/*.0 is going to be OK.
>
> Even if our OpenSSL is looking there by default and not just at the single file
> in /etc/pki/tls/cert.pem (which I'm not convinced about), there is also a
> significant chance of filename collisions.
>
> If I make a package for my company's internal trust chains, I might *also* have
> a CA with a hash of 590d426f or 99d0fa06 -- and then one of the files would
> need to be called 590d426f.1 or 99d0fa06.1.

That is interesting, I was wondering about the dot-index, but never made my
mind clear about it. Thank you for the explanation!

> This can only be handled with some kind of post-processing step like Debian's
> update-ca-certificates script -- as discussed in bug 466626.
>
> Sascha, can you be tempted to port/implement that?

I will take a look at it; if it is clean and easy, I am willing to brew and
maintain "update-ca-certificates".
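The filename collision raised in the quoted comment, as an added example that is not part of the original thread and is not Debian's update-ca-certificates: a post-processing step that assigns the `.0`, `.1`, ... index at install time instead of shipping fixed `*.0` names. The function names are hypothetical, the two hashes are the ones quoted above, and the fingerprints and file names are constructed; `describe()` assumes the `openssl` CLI is installed.

```python
import os
import re
import subprocess

HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")   # e.g. 590d426f.1

def describe(path):
    """Return (subject_hash, sha256_fingerprint) for one PEM certificate."""
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-subject_hash", "-fingerprint",
         "-sha256", "-in", path],
        check=True, capture_output=True, text=True).stdout.splitlines()
    return out[0].strip(), out[1].split("=", 1)[1].strip()

def plan_links(certs):
    """certs: iterable of (filename, subject_hash, fingerprint).
    Returns {link_name: filename}; distinct certificates that share a
    subject hash get consecutive indexes (.0, .1, ...)."""
    next_index = {}      # subject_hash -> next unused index
    seen = set()         # (subject_hash, fingerprint) already linked
    links = {}
    for filename, subject_hash, fingerprint in sorted(certs):
        if (subject_hash, fingerprint) in seen:
            continue     # same certificate present twice: one link is enough
        seen.add((subject_hash, fingerprint))
        index = next_index.get(subject_hash, 0)
        next_index[subject_hash] = index + 1
        links[f"{subject_hash}.{index}"] = filename
    return links

def rehash(cert_dir):
    """Rebuild the hash symlinks in cert_dir from the *.pem files there."""
    pems = sorted(f for f in os.listdir(cert_dir) if f.endswith(".pem"))
    plan = plan_links((f, *describe(os.path.join(cert_dir, f))) for f in pems)
    for name in os.listdir(cert_dir):            # drop stale hash links first
        full = os.path.join(cert_dir, name)
        if os.path.islink(full) and HASH_LINK.match(name):
            os.unlink(full)
    for link, target in plan.items():
        os.symlink(target, os.path.join(cert_dir, link))
    return plan

# Constructed sample: hashes from the thread, fingerprints are made up.
SAMPLE = [
    ("distro-ca.pem",   "590d426f", "AA:01"),
    ("company-ca.pem",  "590d426f", "BB:02"),    # different CA, same hash
    ("company-dup.pem", "590d426f", "BB:02"),    # same cert packaged twice
    ("other-ca.pem",    "99d0fa06", "CC:03"),
]
```

Because the indexes are recomputed from whatever PEM files are present, two packages can each drop a CA with the same subject hash into the directory without either one owning the `.0` name.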