[Python-apps-team] Bug#619821: Configure SSL certificates
Thomas Arendsen Hein
thomas at intevation.de
Mon Mar 28 09:15:57 UTC 2011
* Vincent Danjean <Vincent.Danjean at ens-lyon.org> [20110327 21:39]:
> On 27/03/2011 15:09, Seo Sanghyeon wrote:
> > Package: mercurial
> > Version: 1.8.1-1
> >
> > I think SSL certificates should be configured in system-wide hgrc.
> > Here's how: http://mercurial.selenic.com/wiki/CACertificates
>
> I did not try certificates (nor read the linked document) yet.
> However, would putting this config in system-wide hgrc still allow
> a user to disable this functionality ?
Yes, by adding this to the user's ~/.hgrc:
[web]
cacerts =
Or by using the --insecure command line switch.
> Upstream does not like at
> all that distrib-mercurial has some features automatically enabled
> in system-wide hgrc that are not enabled by default in plain
> mercurial.
This was about too many extensions enabled by default.
See http://mercurial.selenic.com/wiki/Packaging#SSL_support
"2. SSL support
Packagers are encouraged to integrate as well as possible with the
platforms existing PKI, for example by distributing a
hgrc.d/cacert.rc with configuration of web.cacerts."
> > This would add dependency to ca-certificates pacakge.
>
> For now, we could add it in 'Suggests' and document this in
> README.Debian
I'd say adding it to /etc/mercurial/hgrc.d/cacert.rc and using
'Recommends' would be the best solution.
Regards,
Thomas
--
thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck, HR B 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Python-apps-team
mailing list