Hi Dennis, On Mon, April 16, 2012 15:44, Dennis van Dok wrote: > I would like to include the CA distribution of the IGTF > (www.igtf.net), which is an international collaboration of CAs for use > in the e-science communities (i.e. scientific grid computing & cloud > computing).
> http://mentors.debian.net/package/igtf-policy-bundle You're probably aware that there's already an APT-compatible repository that contains Debian packages for the current IGTF distribution? https://dist.eugridpma.info/distribution/igtf/current/ How does this package relate to that? What goal do you want to reach by uploading to Debian proper? In the IGTF community it's more or less expected that relying parties update their trust anchors not too long after new IGTF updates are released - if a relying party uses packages from Debian (old)stable they can easily be two or three years old and are not easily updated. I'm not sure if newly accredited CA's would be enthusiastic to wait that long, for example. > The policy bundle offers a choice of opt-in or opt-out, so it's easy > to enable 'all but a few' or 'none but a few' certificates. And > enabling here means placing symlinks in > /etc/grid-security/certificates, which is the de facto place for grid > middleware to look for certificates. I think that makes sense: placing or linking them in /etc/grid-security/certificates/ 'enables' them from a grid middleware point of view. As I understand it, you're not doing anything with /etc/ssl or ca-certificates.crt. This means that the certificates will not change the trust anchors for 'regular' tools on the system (curl, system daemons, etc). I'm unfortunately not at the upcoming EUgridPMA meeting in Karlsruhe this May, but perhaps there's another opportunity where we can meet to discuss the ideas and specifics. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/18c07df56a7978b1cf49f5bdda40f79b.squir...@wm.kinkhorst.nl