https://bugzilla.redhat.com/show_bug.cgi?id=2078592 Petr Menšík <pemensik@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |fedora-review? CC| |pemensik@xxxxxxxxxx Status|NEW |ASSIGNED Assignee|nobody@xxxxxxxxxxxxxxxxx |pemensik@xxxxxxxxxx --- Comment #2 from Petr Menšík <pemensik@xxxxxxxxxx> --- Taking the review. I am not sure why /etc/rhsm/ca directory were chosen. I think much more appropriate would be something like /etc/pki/rhsm. Could it maybe use symlinks to pki for backward compatibility and move certificates to /etc/pki, where I think this kind of content belongs. Those pem files do not have %config(noreplace) tag. Are they configuration files or not? Either they should have %config(noreplace) for *.pem files or those files should be in /usr/share/pki/rhsm. If backward compatibility were symlink, they would allow simple replacement in /etc/rhsm with locally configured data. I would suggest checking at least validity of certificates in %check section. For example by openssl tool: for PEM in *.pem; do openssl x509 -in $PEM -noout -checkend 0 done -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2078592 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
