[arch-general] [arch-dev-public] Rethinking our CA certificate setup
Gaetan Bisson
bisson at archlinux.org
Sun Aug 24 06:06:04 EDT 2014
[2014-08-24 11:47:56 +0200] Jan Alexander Steffens:
> - Ship the update-ca-certificates script in a ca-certificates-utils
> package, which the certificate packages depend on
> - ca-certificates becomes a metapackage depending on the -mozilla and
> -cacert packages
So we'd have three ca-certificates-* packages?
If this is this only to allow users to remove the bundles (mozilla or
cacert) they do not trust, then couldn't we instead just keep everything
in one package; simply putting the files
/etc/ca-certificates/conf.d/{mozilla,cacert}.conf
in the backup array would allow anyone to override them, so disabling a
bundle would also be super easy...
Other than the fragmentation of packages (my new pet gripe), your plan
sounds great!
Cheers.
--
Gaetan
More information about the arch-general
mailing list