[arch-dev-public] [signoff] curl 7.22.0-2

Thomas Bächler thomas at archlinux.org
Wed Sep 28 08:27:47 EDT 2011

Am 27.09.2011 23:30, schrieb Jan de Groot:
>> I dropped a new curl in testing a few days ago with only one real
>> change. It now builds and uses its own cacert bundle which is dropped in
>> /etc/ssl/certs/ca-bundle.crt. This is similar to the ca-certificates
>> bundle, but taken directly from Mozilla and processed with an in tree
>> perl script.
>> With this, the ca-certificates dep is of course removed. I don't expect
>> any regressions, but please dig up your curl/https powered apps and make
>> sure they still work.
> What's the purpose of this? The whole reasoning behind ca-certificates
> is to have a central certificate store. Remember that the
> ca-certificates package as maintained by debian originates from NSS, so
> basically these contain the same certificates.
> IMHO this is a big -1 from my side.

Agreed, without further explanation this seems like complete nonsense.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20110928/37c38bc1/attachment.asc>

More information about the arch-dev-public mailing list