[arch-dev-public] [signoff] move ca-certificates/run-parts from core to extra
Hi,

some time ago openssl stopped distributing their own set of certificates. I introduced the ca-certificates then. But nothing in core really depends on those certs and therefore I wonder if it would be better to move it and its dep run-parts to extra. What do you think about this?

Pierre

--
Pierre Schmitz
Clemens-August-Straße 76
53115 Bonn
Phone 0228 9716608
Mobile 0160 95269831
Jabber pierre@jabber.archlinux.de
WWW http://www.archlinux.de

On Tue, Dec 9, 2008 at 5:45 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
> Hi,
> some time ago openssl stopped distributing their own set of certificates. I introduced the ca-certificates then.
> But nothing in core really depends on those certs and therefore I wonder if it would be better to move it and its dep run-parts to extra.
> What do you think about this?

Hmm, I thought the idea was that the certificates should be held up to the "quality of core packages" and all that. I don't think I'd mind much, so unless someone has a huge reason against this, you have a tentative +1 from me.

On Tuesday 09 December 2008 17:11:09, Aaron Griffin wrote:
> Hmm, I thought the idea was that the certificates should be held up to the "quality of core packages" and all that.

I have never heard of that definition of the [core] repo. So if there are no complaints I'll move those. Things are easier if we keep [core] as small as possible.

On Tue, Dec 9, 2008 at 10:53 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
> On Tuesday 09 December 2008 17:11:09, Aaron Griffin wrote:
>> Hmm, I thought the idea was that the certificates should be held up to the "quality of core packages" and all that.
> I have never heard of that definition of the [core] repo. So if there are no complaints I'll move those.

I'll lodge a request to keep them in [core]. These are pretty standard and base things on a secure system these days, and I feel like they deserve the scrutiny and attention core packages get from us.

> Things are easier if we keep [core] as small as possible.

Are you equating "easier" and "don't need to sign off"? If so, it sounds like we have a different problem to address here.

-Dan

On Tuesday 09 December 2008 19:23:15, Dan McGee wrote:
> I'll lodge a request to keep them in [core]. These are pretty standard and base things on a secure system these days, and I feel like they deserve the scrutiny and attention core packages get from us.
>> Things are easier if we keep [core] as small as possible.
> Are you equating "easier" and "don't need to sign off"? If so, it sounds like we have a different problem to address here.

I see, I haven't thought about all aspects. I just checked if it is needed to get a system up and running or if it is needed by another core package. Technically there is no difference if it was in core or extra. It is not required by any package in core/base and it's not installed by default anyway. But if we agree to extend the definition of the core repo to some kind of advanced quality/security concerns I am fine with keeping it in core.

PS: There is a ca-certificates package in testing for a while. Afaik brain0 started a base group cleanup; not sure if he finished it and this package was forgotten.

Pierre Schmitz wrote:
> I see, I haven't thought about all aspects. I just checked if it is needed to get a system up and running or if it is needed by another core package.

openssl is not very useful without a sane set of default certificates. For example, using wget without ca-certificates installed will result in a failed certificate check every time.

On Tuesday 09 December 2008 20:08:34, Thomas Bächler wrote:
> Pierre Schmitz wrote:
>> I see, I haven't thought about all aspects. I just checked if it is needed to get a system up and running or if it is needed by another core package.
> openssl is not very useful without a sane set of default certificates. For example, using wget without ca-certificates installed will result in a failed certificate check every time.

So, what would be the best solution here? Make openssl depend on ca-certificates?

participants (4)
- Aaron Griffin
- Dan McGee
- Pierre Schmitz
- Thomas Bächler