Does anybody prefer to see packages create certificates during postinst or is there any preference not to try that and let people do so manually?
The Let's Encrypt CA also has a client utility, letsencrypt[1], that could be very useful from the postinst script. With any CA, there can sometimes be a delay between the moment when somebody submits a CSR and when they receive their certificate, it obviously wouldn't be desirable for postinst to be hanging on if it takes hours or days for the CA to respond. This also relates to the location of certificates and keys on Debian, something I raised in another thread[2] I've been thinking about this for some time for the SIP and XMPP packages but obviously there are many others that could use this. 1. https://letsencrypt.org/howitworks/ 2. https://lists.debian.org/debian-devel/2015/07/msg00024.html -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55bdda1c.7040...@pocock.pro
