Bug#704180: Use p11-kit to replace nssckbi
David Woodhouse
dwmw2 at infradead.org
Thu Jan 10 18:03:35 GMT 2019
On Wed, 2019-01-09 at 14:04 -0500, Daniel Kahn Gillmor wrote:
> On Wed 2019-01-09 16:39:36 +0100, Laurent Bigonville wrote:
> > So what is the status of this?
> >
> > In RHEL 7 they made the switch to p11-kit and libnssckbi.so is an
> > alternative between the file shipped by nss and p11-kit-trust.so shipped
> > by p11-kit (with p11-kit version being the default).
> >
> > Should we switch debian by default to p11-kit as well?
>
> seems like the maintainers of p11-kit could unilaterally decide to
> implement the diversion approach mentioned in
> https://bugs.debian.org/704180 with a new binary package, if the nss
> folks are reluctant to do it.
>
> I'm cc'ing Andreas here to try to get some feedback -- is this something
> that there's interest in for the p11-kit maintainers?
That would seem like an excellent way to do it.
However, am I right in thinking that we have multiple packages all
shipping their *own* special version of the NSS libraries, instead of
using the system one? Each instance of libnssckbi.so (in firefox,
thunderbird, etc.) would need to be replaced, wouldn't it?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5174 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20190110/bc99a1f2/attachment.bin>
More information about the Pkg-gnutls-maint
mailing list