You are not logged in.
I was missing spi-inc certificate and figured out that ca-certificates package deliberately builds only mozilla subdir from upstream source (which is http://packages.qa.debian.org/c/ca-certificates.html).
As of pkgver = 20140325 (https://projects.archlinux.org/svntogit … beaae68df7), upstream Makefile refers by default to 2 subdirs: mozilla, and spi-inc.org.
Does anybody know why we're specific about including only mozilla certificates?
Last edited by mkoskar (2014-07-20 07:46:39)
Offline
What certificates should Arch trust? The default answer has been what Mozilla trusts.
Offline
What certificates should Arch trust? The default answer has been what Mozilla trusts.
Right, I somehow (wrongly) assumed we're fine with what upstream maintains as the whole package.
Digging deeper, this shift in attitude is quiet recent though:
2014-03-24 only ship mozilla certs; cleanup old install message
Offline
Offline
I see. Thanks for pointer.
Offline