From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Benc Subject: Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store Date: Tue, 03 Feb 2015 21:57:34 +0100 Message-ID: <54D1363E.4050400@gmx.com> References: <87r3u7di49.fsf@netris.org> <878ugepvh9.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:36090) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YIkXV-00060I-ES for guix-devel@gnu.org; Tue, 03 Feb 2015 15:57:42 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YIkXQ-0001c2-PO for guix-devel@gnu.org; Tue, 03 Feb 2015 15:57:41 -0500 Received: from mout.gmx.net ([212.227.17.20]:49320) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YIkXQ-0001ax-Gw for guix-devel@gnu.org; Tue, 03 Feb 2015 15:57:36 -0500 Received: from [192.168.0.105] ([195.12.144.239]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0Li0dC-1XoaN72ora-00nCWx for ; Tue, 03 Feb 2015 21:57:31 +0100 In-Reply-To: <878ugepvh9.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org On 02/03/2015 09:53 PM, Ludovic Courtès wrote: > Mark H Weaver skribis: > >> From 02bdf748b4c515d6dfc9c264fd48936bd29e04cb Mon Sep 17 00:00:00 2001 >> From: Mark H Weaver >> Date: Tue, 18 Feb 2014 21:30:53 -0500 >> Subject: [PATCH] gnu: gnutls: Configure location of system-wide trust store. >> >> * gnu/packages/gnutls.scm (gnutls): Configure the location of the system-wide >> trust store. > > I support it, OK to push. > > The next question will be which certificate bundles should we provide > there in the system distro? I know NixOS takes them from the cURL web > site, and Debian maintains its own (IIRC.) Any ideas? If I recall correctly, at one point, the idea was to extract the certificates from Icecat, but we were waiting for quidam to update it first (it was long stuck on a single version, 24 I think?) > > Thank you! > > Ludo’. > -- Marek.