Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=620752 --- Comment #3 from Sascha Thomas Spreitzer <sspreitzer@xxxxxxxxxxxxxxxxx> 2010-08-03 10:05:57 EDT --- (In reply to comment #2) > I can sponsor you. Thanks very much for looking at this. Great news, thank you! > One request: please could I ask if you would consider licensing this tool under > GPLv2+? I would like to include it in MeeGo too, and we have silly rules about > GPLv3. It would be a shame to write *another* separate implementation. That is ok for me, next upload will be GPLv2+. > Your tool creates a hashed directory for OpenSSL -- a bit like the OpenSSL > c_rehash script. But the Fedora OpenSSL still doesn't *use* such a directory, > does it? It's configured only to use a single flat file /etc/pki/tls/cert.pem. My copy of Fedoras openssl is *using* the hash.nr files. So I would assume Fedoras OpenSSL is configured to use this kind of directory? > Your sample ca-cacert package adds its certs manually to the NSS database, and > presumably it would also call this update-ca-certificates script in its %post > script? Perhaps the script should handle *both* tasks for it, to reduce the > complexity of the %post and %postun/%preun scripts in the CA packages? > > If the script were to take an argument listing the filenames of the certs to > add/remove, then it could update *both* the NSS database and the OpenSSL flat > file at the same time (or perhaps do the NSS database and then just regenerate > the OpenSSL file directly from that?). I thought about an improved version that involves --add/--delete, I think adding a --nss will not be that hard! So, stay tuned for an update. :) > I assume you've looked at the Debian update-ca-certificates script? I have > mailed the maintainer/author of that script and asked if he's interested in > improvements to work well with NSS, but he hasn't responded. But still, if we > could do something which is broadly similar in usage then it would be much > appreciated by anyone who has to do any cross-distro work in this area. I have taken a look onto debians script and decided to write one from scratch for fedora. Debian deals with its cert management different then Fedora. (eg. paths) -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review