GNU bug report logs - #55043
Some packages depend on nss-certs, some bundle it.

Previous Next

Full log

Message #11 received at 55043 <at> debbugs.gnu.org (full text, mbox):

From: Hartmut Goebel <h.goebel <at> crazy-compilers.com>
To: Maxime Devos <maximedevos <at> telenet.be>, 55043 <at> debbugs.gnu.org,
 Liliana Marie Prikler <liliana.prikler <at> ist.tugraz.at>
Subject: Re: bug#55043: Some packages depend on nss-certs, some bundle it.
Date: Wed, 25 May 2022 09:26:42 +0200

[Message part 1 (text/plain, inline)]

Am 20.04.22 um 17:22 schrieb Maxime Devos:
>> (from Hartmut Goebel, at<https://issues.guix.gnu.org/54796#52>)
>> Neither python-certifi nor gocertifi build on nss-cert. Addind some
>> update mechanism into the Guix package is not a good idea IMO: This
>> would make “erlang-certif <at> 2.9.0“ contain different certificates
>> than the release 2.9.0, making debugging a hell.
> ... but I don't follow, it's just a different set of certificates, could
> you elaborate?

This argument is just about keeping the actual content of a package 
aligned with the content of the official release. This is a is less 
impotent argument then what I wrote in 
<https://issues.guix.gnu.org/54796#52>:

> All these contain a copy of the/a CA
> bundle — which is the idea of these packages: „useful for systems that
> do not have CA bundles“.

Anyhow: Your proposal is to make upstream packages get rid of these 
bundles. Will this being quite some work.

An alternative approach could be to patch these packages, much like 
Liliana suggested („mock“).

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          |h.goebel <at> crazy-compilers.com                |
|www.crazy-compilers.com  | compilers which you thought are impossible |

[Message part 2 (text/html, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.