* Vincent Danjean <vincent.danj...@ens-lyon.org> [20110327 21:39]: > On 27/03/2011 15:09, Seo Sanghyeon wrote: > > Package: mercurial > > Version: 1.8.1-1 > > > > I think SSL certificates should be configured in system-wide hgrc. > > Here's how: http://mercurial.selenic.com/wiki/CACertificates > > I did not try certificates (nor read the linked document) yet. > However, would putting this config in system-wide hgrc still allow > a user to disable this functionality ?
Yes, by adding this to the user's ~/.hgrc: [web] cacerts = Or by using the --insecure command line switch. > Upstream does not like at > all that distrib-mercurial has some features automatically enabled > in system-wide hgrc that are not enabled by default in plain > mercurial. This was about too many extensions enabled by default. See http://mercurial.selenic.com/wiki/Packaging#SSL_support "2. SSL support Packagers are encouraged to integrate as well as possible with the platforms existing PKI, for example by distributing a hgrc.d/cacert.rc with configuration of web.cacerts." > > This would add dependency to ca-certificates pacakge. > > For now, we could add it in 'Suggests' and document this in > README.Debian I'd say adding it to /etc/mercurial/hgrc.d/cacert.rc and using 'Recommends' would be the best solution. Regards, Thomas -- tho...@intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck, HR B 18998 Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
