Bug#704180: Use p11-kit to replace nssckbi

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 10 20:53:41 GMT 2019


On Thu 2019-01-10 19:14:06 +0100, Laurent Bigonville wrote:
> If I'm searching for a file called libnssckbi.so in the archive, the 
> only other occurrence is in package libapache2-mod-nss.

afaict, that's just a symlink:

   etc/apache2/nssdb/libnssckbi.so ->  /usr/lib/$ARCH_TRIPLET/nss/libnssckbi.so

so i don't think that matters for this discussion.

> Shouldn't it be better to use an alternative so a local admin can switch 
> back to the libnss3 version? When I discussed with Mike about bug 
> #820437 he didn't look opposed to using p11-kit, see 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820437#19

We can use /etc/alternatives if folks want to, but i think a simple "if
this package is installed, that means the admin wants to use it" rule is
easier for people to understand, less fiddly, and clearer when
collecting things like bug report information.

what's the advantage of using alternatives instead of a package-specific
displacement?

        --dkg


