[arch-general] [arch-dev-public] Rethinking our CA certificate setup

Gaetan Bisson bisson at archlinux.org
Sun Aug 24 06:06:04 EDT 2014


[2014-08-24 11:47:56 +0200] Jan Alexander Steffens:
> - Ship the update-ca-certificates script in a ca-certificates-utils
> package, which the certificate packages depend on
> - ca-certificates becomes a metapackage depending on the -mozilla and
> -cacert packages

So we'd have three ca-certificates-* packages?

If this is this only to allow users to remove the bundles (mozilla or
cacert) they do not trust, then couldn't we instead just keep everything
in one package; simply putting the files

	/etc/ca-certificates/conf.d/{mozilla,cacert}.conf 

in the backup array would allow anyone to override them, so disabling a
bundle would also be super easy...

Other than the fragmentation of packages (my new pet gripe), your plan
sounds great!

Cheers.

-- 
Gaetan


More information about the arch-general mailing list