conf vs. lib

[Wang Weijun]

> On Jul 27, 2016, at 7:13 PM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> 
> 
> 
> On 27/07/2016 10:45, Wang Weijun wrote:
>> :
>> I suggest we create a new special -keystore value "<<CACERTS>>" which acts like an alias of the cacerts file. Creating a new option means we have to document its relation with the existing -keystore option. The new name can also work with the -importkeystore command.
>> 
>> Like this:
>> 
>> keytool -list -keystore <<CACERTS>>
>> 
>> The name is inspired by <<ALL FILES>> in FilePermission. I'm open to other styles.
>> 
> I assume you mean to quote this as this will otherwise cause redirection when used on the command line or in scripts.

Yes. Or just CACERTS? This will be ambiguous.

> 
> In any case, it does seem a bit unusual to me. I would assume something like `keytool -list -cacerts` would be easier. I realize it would mean disallowing its usage with -keystore.

How much is creating a new name or a new option worth? Do we plan to move cacerts again? Unless we backport it (I believe back porting a name is easier than an option), it is useless in writing a "cross-release" script.

Another benefit is that we can invent new names later, say, user's own "cacerts" used by deployment.

BTW, you said:

> If there are existing scripts that are specifying the location then they will continue to work.

What does this mean? If we change the location, it sure will not work, and they are recommended to use the new style, whether a new name or a new option. Anyway the script must be modified. In fact, most likely the script is importing a cert into cacerts, and importing one to an non-existent file will succeed silently!

--Max

> 
> -Alan