On Wed, 2006-07-26 at 22:49 +0200, Joachim Selke wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ralf Ertzinger wrote:
>> They are generated in %post, see the last paragraph. The files
>> probably show up in rpm lists because they are marked
>> ghost/noreplace/missingok config files.
>
> This may be a wild idea, but how about creating a self signed
> CA (by %post in the package which owns /etc/pki), and have all
> other programs that need certificates automatically create certificates
> under that CA?
That sounds good to me.
Tomorrow I am going to rewrite the draft at
<
http://fedoraproject.org/wiki/PackagingDrafts/Certificates> and include
your comment and others.
Also if the certificates are going to be created automatically you have
to make sure it won't overwrite the ones that are already there.
--
Jean-Rene Cormier <jrc(a)jrcormier.com>