From: "Ludovic Courtès" <ludo@gnu.org>
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cc: guix-devel <guix-devel@gnu.org>
Subject: Re: Should we include nss-certs out of the box?
Date: Wed, 10 Apr 2024 16:50:39 +0200 [thread overview]
Message-ID: <87il0pjmps.fsf@gnu.org> (raw)
In-Reply-To: <874jciuxqq.fsf@gmail.com> (Maxim Cournoyer's message of "Wed, 03 Apr 2024 14:06:37 -0400")
Hi,
Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
> It's been Guix policy to let people choose whether to install or not TLS
> root certificates and which one to their machine. While I applaud the
> idea to have the users make a conscious decision about it, in practice I
> suppose very few of us choose to *not* install any as that basically
> breaks using web browsers, especially ones like IceCat which (by
> default) ensures HTTPS is used on every page.
Right.
> It apparently even makes it impossible to run 'guix pull', if I am to
> believe bug#62026.
I don’t think that’s the case: see use of ‘le-certs’ in (guix scripts
pull).
> Should we do as in bug#62026 and have this package be part of the
> recommended basic installation? It'd be in the basic set of an
> operating-system packages (via its default %base-packages set). It
> could still be manipulated via the Guix API (filtered out/replaced with
> something else).
>
> Is anyone opposed to having nss-certs in %base-packages?
No objection from me. I’m partly responsible for the initial choice to
not include nss-certs by default, but as you write, most likely everyone
installs it these days.
Note that we’ll also need to remove that choice from the installer in
(gnu installer services).
Thanks!
Ludo’.
next prev parent reply other threads:[~2024-04-10 14:51 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 18:06 Should we include nss-certs out of the box? Maxim Cournoyer
2024-04-03 19:21 ` Ryan Prior
2024-04-03 20:10 ` Felix Lechner via Development of GNU Guix and the GNU System distribution.
2024-04-05 16:45 ` Jan Wielkiewicz
2024-04-08 18:56 ` Richard Sent
2024-04-10 14:50 ` Ludovic Courtès [this message]
2024-04-19 1:58 ` Maxim Cournoyer
2024-04-23 14:18 ` Clément Lassieur
2024-04-25 15:35 ` Maxim Cournoyer
2024-04-25 22:42 ` Clément Lassieur
-- strict thread matches above, loose matches on Subject: below --
2024-04-18 10:45 Fabio Natali
2024-04-19 15:25 ` Maxim Cournoyer
2024-04-20 10:06 ` Fabio Natali
2024-04-21 19:29 ` Fabio Natali
2024-04-23 6:11 ` pelzflorian (Florian Pelz)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87il0pjmps.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=maxim.cournoyer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).