Comment # 3 on bug 1023552 from
I accept this WONTFIX as I always do, but here are my thoughts about how to
improve the situation.

Well, we're no longer in the 90s where hardly anything other than https required
certs. Nowadays hardly anything (like pop3s, imaps, https, ...) is supposed to
support (at least alternatively) encryption, and even if self-signed by own CA
certs are used - or paid for certs - there is a need for a central, non-app
based place to store these certs.

As these certs usually pin down to the CN which is most likely the FQHN it is
much more convenient concerning maintenance to store them in a central place
than placing copies all over the FS for the appropriate services.

In Debian based dists this is /etc/ssl and works pretty well. I don't see
any benefit in the openSUSE construct to symlink this dir to /var/whatever and
deny any admin changes. This leaves the admin to spread the same cert all over
again to the various places where the service expects to find its certs, while
most services are currently easy to accept a server-wide place to read certs
from.

I'd say that the service based assumption of where to place certs is outdated
and won't work much longer. openSUSE should decide where system-wide used certs
are to be placed, not service-wide. Just my 2¢

