| 5 Mar 2022 |
 Winter (she/her) | like i guess it's just about reducing attack surface no matter the setup | 19:55:18 |
 m1cr0man | well if you aren't using wildcards its more apparent - certs for each service, with the group assigned appropriately | 19:55:39 |
| Winter (she/her) | but giving the acme group won't give access to those? | 19:55:58 |
| Winter (she/her) | that's the point i'm trying to make, unless i'm wrong | 19:56:07 |
| m1cr0man | yeah but then you're granting acme group to N service accounts rather than just setting the cert group | 19:56:14 |
| Winter (she/her) | right | 19:56:36 |
| m1cr0man | it's definitely easier for end users to set the cert group, hence that group = mkDefault cfg.group in the nginx/httpd cert config | 19:56:45 |
| m1cr0man | * it's definitely easier for end users to set the cert group, hence that group = mkDefault cfg.group in the nginx/httpd cert config rather than add a user to a group | 19:56:57 |
