GNU bug report logs - #54796
[PATCH v3 00/22] Add importer for hex.pm and rebar3 build-system for Erlang

Previous Next

Full log

View this message in rfc822 format

From: Hartmut Goebel <h.goebel <at> crazy-compilers.com>
To: Maxime Devos <maximedevos <at> telenet.be>, 54796 <at> debbugs.gnu.org
Subject: [bug#54796] [PATCH v3 03/22] gnu: Add erlang-certifi.
Date: Sun, 10 Apr 2022 12:27:15 +0200

Am 09.04.22 um 13:39 schrieb Maxime Devos:
> Can this bundle be built from 'nss-certs', such that when nss-certs is
> updated (e.g. Mozilla revokes a root certificate due to reasons),
> erlang-certifi is up-to-date as well?

This package is a sibling of python-certifi [1] and 
go-github-com-certifi-gocertifi. All these contain a copy of the/a CA 
bundle — which is the idea of these packages: „useful for systems that 
do not have CA bundles“. So they intentionally do not honor 
SSL_CERT_DIR/…. They are meant to be used as fall-back for 
libraries/applications honoring SSL_CERT_DIR/….

Neither python-certifi nor gocertifi build on nss-cert. Addind some 
update mechanism into the Guix package is not a good idea IMO: This 
would make “erlang-certif <at> 2.9.0“ contain different certificates than the 
release 2.9.0, making debugging a hell.

> As such, can this package be avoided as dependency?
As of now, rebar3 does not support SSL_CERT_DIR/…. Anyhow there is 
already an open ticket [3] for.

Other libraries/application might still need erlang-certifi, like some 
need python-certifi or gocertif. So anyhow we should keep this package.

[1] https://github.com/certifi/python-certifi
[2] https://github.com/certifi/gocertifi
[3] https://github.com/erlang/rebar3/issues/2696

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel <at> crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.