Bug#704180: Use p11-kit to replace nssckbi
David Woodhouse
dwmw2 at infradead.org
Mon Jan 14 16:27:37 GMT 2019
On Mon, 2019-01-14 at 10:33 -0500, Daniel Kahn Gillmor wrote:
> On Sun 2019-01-13 19:07:42 +0100, Andreas Metzler wrote:
> > The coding would be straightforward afaict.
> >
> > https://salsa.debian.org/gnutls-team/p11-kit/commits/tmp-704180-divertnss
>
> I like the looks of this, though perhaps we want to name the new package
> p11-kit-trust to be more in line with the name given by other distros.
In Fedora it's called p11-kit-trust and it's pulled in by default as a
dependency of various other packages including NSS and GnuTLS. In fact
I think GnuTLS is built to use it as its default trust store, so not
installing it isn't really a possibility. It also provides the standard
update-ca-certificates mechanism which manages the CAs used by OpenSSL.
They use alternatives so that if the user really wants to disable it
for NSS and use the standard libnssckbi.so for NSS, they can.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5174 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20190114/695627f6/attachment.bin>
More information about the Pkg-gnutls-maint
mailing list