Jean-Baptiste Volatier schreef op za 03-07-2021 om 17:41 [+0000]:
> +       ("nss-certs" ,nss-certs)

Preferably not if it can be avoided.

Users should be able to curate their own bundle of certificates
instead of relying on Mozilla, though in practice people will
just let Mozilla handle that.  Or, on multi-user systems, just
rely on the administrator to choose a bundle of certificates,
install it globally and update it regularily.

Also, it should be possible to update the certificate bundle
(e.g. if it turns out some root was or became evil or something,
or was compromised) quickly, without going through a world rebuild.
So dependencies on "nss-certs" should be avoided.

What are the reasons for adding "nss-certs" here?

Greetings,
Maxime