guix-devel

Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store


From: Andreas Enge
Subject: Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store
Date: Wed, 19 Feb 2014 15:08:38 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Wed, Feb 19, 2014 at 02:40:42PM +0100, Ludovic Courtès wrote:
> So, all in all, while this is not ideal, using this configure flag to
> point to /etc/ssl/... sounds like a viable option to me.  It’s
> consistent with what other distros do, and it’s what we want to do
> eventually.
> 
> (Also, I think it’s time to really take the final system as the primary
> use case.)

The next question is, where do these certificates come from in our system?
I think a reasonable solution would be to:
- create a package with certificates (maybe inspired from those contained
  in Debian);
- have gnutls depend on it, and use the gnutls configure flag to point to
  /nix/store/xxx-our-certificates/etc/ssl/... .

I think this would be more in line with our approach than pointing to /etc.
Also, if a certificate gets compromised and is withdrawn from the certificate
package, this would force gnutls and all its dependencies to be recompiled.

What do you think?

Andreas



