Marc Haber <mh+debian-packa...@zugschlus.de> writes:
> On Mon, Jul 02, 2012 at 02:29:53PM -0700, Russ Allbery wrote:

>> Ah, okay.  For that use case, the only thing that you would care about the
>> user home directory containing is the authorized_keys file, correct?

> known_hosts and the key itself.

Oh, right, for the client.  Yes, yes.

Well, personally I would not consider either the client's key or the
known_hosts file to be configuration files.  Why not generate the client's
key automatically with ssh-keygen on client package installation, and then
let it discover the known_hosts configuration via some mechanism, leaving
both of those in /var/lib?  That would satisfy the requirement that the
admin not have to touch things in /var/lib to make the package work, and
would also simplify setup (since then building the authorized_keys file is
just a matter of catting together the id_rsa.pub files).  You could of
course still document the file locations so that admins *could* override
things if they wanted, which I think is still within Policy.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>
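
An added illustration of the approach suggested above, not part of the original message and not code from any Debian package: a postinst-style key generation step plus assembly of authorized_keys from collected id_rsa.pub files. The package name `examplepkg`, the paths, and both function names are hypothetical, and the filtering of key lines goes beyond the plain concatenation the message describes.

```shell
#!/bin/sh
# Added example. "examplepkg", STATE_DIR and the function names are
# hypothetical; only ssh-keygen, id_rsa.pub, authorized_keys and /var/lib
# come from the message.
STATE_DIR=${STATE_DIR:-/var/lib/examplepkg}

# Client side: generate the key once. Upgrades and reinstalls find the
# existing key and leave it alone, so the server's authorized_keys stays valid.
# Hypothetical postinst call: ensure_client_key "$STATE_DIR"
ensure_client_key() {
    key="$1/.ssh/id_rsa"
    [ -f "$key" ] && return 0
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    # -N '' gives an empty passphrase, since the key is used unattended.
    ssh-keygen -q -t rsa -N '' -C "examplepkg@$(hostname)" -f "$key"
}

# Server side: build authorized_keys from a directory of collected *.pub files.
# Only lines of the form "<keytype> <base64> [comment]" are kept, so a
# collected file cannot introduce option prefixes such as command="...".
build_authorized_keys() {
    pubdir=$1
    out=$2
    # mktemp creates the file mode 0600, in the same directory as the
    # target so that the final mv is an atomic rename.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    for f in "$pubdir"/*.pub; do
        [ -f "$f" ] || continue
        awk '$1 ~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
             $2 ~ "^[A-Za-z0-9+/]+=*$"' "$f"
    done | sort -u > "$tmp"
    mv "$tmp" "$out"
}
```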


