Re: net/freeradius2

To: NetBSD tech-pkg <tech-pkg%netbsd.org@localhost>
Subject: Re: net/freeradius2
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Thu, 22 Mar 2012 00:44:44 +0100

On Wed, Mar 21, 2012 at 12:17:25PM -0600, Brook Milligan wrote:
> - In order to run the test suggested on the freeradius web page, it is
>   necessary to run the bootstrap script in ${PKG_SYSCONFDIR}/certs,
>   which creates some default certificates. Is it appropriate to run
>   this during the package installation process?

IMO no. Self-signed certificates are too inappropiate in many deployment
scenarios, especially when used for authentication infrastructure.

> - In order to run the test a particular configuration, in this case
>   'default', must be enabled.  Is it appropriate to install that in
>   ${PKG_SYSCONFDIR}/sites-enabled/?

Not sure. Does the configuration look anywhere sane out of the box? E.g.
does it make sense to run it without extensive changes? It just requires
a symlink, so I'm not sure if it is really useful to create it
automatically. More importantly, consider you create your own
configuration and remove the symlink again. Now you update the package.
Should that recreate the symlink? I would be annoyed if it did. How
should it know that it isn't appropiate?

> - If either of the above are not appropriate, then should MESSAGE be
>   modified to include mention of the steps that the package does not
>   do?

For me it is kind of the default assumptions that I have to finish the
configuration of a network facing server before I can enable it. I tend
to prefer a README document, but I wouldn't care about a MESSAGE either.

Joerg

References:
- net/freeradius2
  - From: Brook Milligan

Prev by Date: Re: dbus, policykit and consolekit
Next by Date: daily pkgsrc CVS update output
Previous by Thread: net/freeradius2
Next by Thread: Re: net/freeradius2
Indexes:

Home | Main Index | Thread Index | Old Index