You are not logged in.

#1 2014-07-20 07:45:58

mkoskar
Member
From: /location.jpg
Registered: 2014-07-16
Posts: 61
Website

Why does ca-certificates include only mozzila certificates?

I was missing spi-inc certificate and figured out that ca-certificates package deliberately builds only mozilla subdir from upstream source (which is http://packages.qa.debian.org/c/ca-certificates.html).

As of pkgver = 20140325 (https://projects.archlinux.org/svntogit … beaae68df7), upstream Makefile refers by default to 2 subdirs: mozilla, and spi-inc.org.

Does anybody know why we're specific about including only mozilla certificates?

Last edited by mkoskar (2014-07-20 07:46:39)


HomeBlogGitHubAUR

Offline

#2 2014-07-20 08:16:30

Scimmia
Bug Wrangler
Registered: 2012-09-01
Posts: 6,591

Re: Why does ca-certificates include only mozzila certificates?

What certificates should Arch trust? The default answer has been what Mozilla trusts.

Offline

#3 2014-07-20 08:28:52

mkoskar
Member
From: /location.jpg
Registered: 2014-07-16
Posts: 61
Website

Re: Why does ca-certificates include only mozzila certificates?

Scimmia wrote:

What certificates should Arch trust? The default answer has been what Mozilla trusts.

Right, I somehow (wrongly) assumed we're fine with what upstream maintains as the whole package.

Digging deeper, this shift in attitude is quiet recent though:

2014-03-24	only ship mozilla certs; cleanup old install message

HomeBlogGitHubAUR

Offline

#4 2014-07-20 09:19:00

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Why does ca-certificates include only mozzila certificates?

Offline

#5 2014-07-20 09:36:47

mkoskar
Member
From: /location.jpg
Registered: 2014-07-16
Posts: 61
Website

Re: Why does ca-certificates include only mozzila certificates?

I see. Thanks for pointer.


HomeBlogGitHubAUR

Offline

Board footer

Powered by FluxBB