Debian Bug report logs - #355177
/etc/pyca underdocumented

version graph

Package: pyca; Maintainer for pyca is (unknown);

Reported by: Marc Haber <mh+debian-bugs@zugschlus.de>

Date: Fri, 3 Mar 2006 20:18:13 UTC

Severity: minor

Tags: wontfix

Found in version pyca/20031118-1

Done: Lars Bahner <bahner@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Lars Bahner <bahner@debian.org>:
Bug#355177; Package pyca. (full text, mbox, link).


Acknowledgement sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
New Bug report received and forwarded. Copy sent to Lars Bahner <bahner@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /etc/pyca underdocumented
Date: Fri, 03 Mar 2006 21:13:13 +0100
Package: pyca
Version: 20031118-1
Severity: minor

Hi,

/etc/pyca obviously has some files which seem to be Debianisms. The
only configuration file mentioned in the upstream docs is
openssl.conf, while /etc/pyca also having a bunch of "cacert_*.cnf"
files. The information contained there seems like a duplication of
what is already in openssl.cnf.

The only mention of these files is in README.Debian, saying "you'll
have to edit these files".

Please, improve documentation.

Greetings
Marc

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.5-zgsrv
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages pyca depends on:
ii  logrotate                     3.7.1-2    Log rotation utility
ii  openssl                       0.9.8a-7   Secure Socket Layer (SSL) binary a
ii  python                        2.3.5-5    An interactive high-level object-o

Versions of packages pyca recommends:
pn  apache-ssl | libapache-mod-ss <none>     (no description available)
ii  exim4-daemon-light [mail-tran 4.60-4     lightweight exim MTA (v4) daemon
pn  python-ldap                   <none>     (no description available)
pn  slapd                         <none>     (no description available)

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#355177; Package pyca. (full text, mbox, link).


Acknowledgement sent to Lars Bahner <bahner@debian.org>:
Extra info received and forwarded to list. (full text, mbox, link).


Message #10 received at 355177@bugs.debian.org (full text, mbox, reply):

From: Lars Bahner <bahner@debian.org>
To: Marc Haber <mh+debian-bugs@zugschlus.de>, 355177@bugs.debian.org
Subject: Re: Bug#355177: /etc/pyca underdocumented
Date: Fri, 3 Mar 2006 22:47:28 +0100
Marc,

On Fri, Mar 03, 2006 at 09:13:13PM +0100, Marc Haber wrote:
> /etc/pyca obviously has some files which seem to be Debianisms. The
> only configuration file mentioned in the upstream docs is
> openssl.conf, while /etc/pyca also having a bunch of "cacert_*.cnf"
> files. The information contained there seems like a duplication of
> what is already in openssl.cnf.
> 
> The only mention of these files is in README.Debian, saying "you'll
> have to edit these files".

These are just extra openssl.cnf's for different CA's. They are
documented in /usr/share/doc/openssl/doc/openssl.txt.gz in the openssl
package.

A note of advice: Editing these files are not trivial. There is a coined
phrase "All you never wanted to know about X.509 but was forced to find
out.". You want to read documentation on PKI, X.509 and OpenSSL. You
might find "X.509 style guide" interesting (search for this on google). 

If what you are looking for is a quick CA-solution you might want to
take a look at the tinyca - which is also a Debian package :)

Kind regards,
Lars Bahner

PS. pyca is not maintained upstream, and is a bit outdated.
-- 
http://lars.bahner.com; Voice: +47 92884492; Postal: N-3870 Fyresdal
pub  1024D/54ECB8AF 2004-01-13 Lars Bahner <bahner@debian.org>
Key fingerprint = 0765 31CE 6223 B28C 1A64  4F7A 9972 7C14 54EC B8AF
sub  2048g/39A653E4 2004-01-13
     



Information forwarded to debian-bugs-dist@lists.debian.org, Lars Bahner <bahner@debian.org>:
Bug#355177; Package pyca. (full text, mbox, link).


Acknowledgement sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Lars Bahner <bahner@debian.org>. (full text, mbox, link).


Message #15 received at 355177@bugs.debian.org (full text, mbox, reply):

From: Marc Haber <mh+debian-bugs@zugschlus.de>
To: Lars Bahner <bahner@debian.org>, 355177@bugs.debian.org
Subject: Re: Bug#355177: /etc/pyca underdocumented
Date: Fri, 3 Mar 2006 23:10:55 +0100
On Fri, Mar 03, 2006 at 10:47:28PM +0100, Lars Bahner wrote:
> On Fri, Mar 03, 2006 at 09:13:13PM +0100, Marc Haber wrote:
> > /etc/pyca obviously has some files which seem to be Debianisms. The
> > only configuration file mentioned in the upstream docs is
> > openssl.conf, while /etc/pyca also having a bunch of "cacert_*.cnf"
> > files. The information contained there seems like a duplication of
> > what is already in openssl.cnf.
> > 
> > The only mention of these files is in README.Debian, saying "you'll
> > have to edit these files".
> 
> These are just extra openssl.cnf's for different CA's. They are
> documented in /usr/share/doc/openssl/doc/openssl.txt.gz in the openssl
> package.

That file is ununderstandable for people who don't sleep with the
X.509 standard under their pillow. Reading it was an utter waste of
time.

If they're unneeded for pyca and not documented in the pyca package,
why do they ship with pyca?

> If what you are looking for is a quick CA-solution you might want to
> take a look at the tinyca - which is also a Debian package :)

unstable's tinyca does not work at all (#354386), and I am not too
fond about ca software with a GUI since this needs a at least remotely
recent computer to run on.

> PS. pyca is not maintained upstream, and is a bit outdated.

I noticed that.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Tags added: wontfix Request was from Lars Bahner <bahner@debian.org> to control@bugs.debian.org. (full text, mbox, link).


Bug closed, send any further explanations to Marc Haber <mh+debian-bugs@zugschlus.de> Request was from Lars Bahner <bahner@debian.org> to control@bugs.debian.org. (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 19:51:25 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Mar 28 12:37:18 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.