(from Hartmut Goebel, at <https://issues.guix.gnu.org/54796#52>) Neither python-certifi nor gocertifi build on nss-cert. Addind some update mechanism into the Guix package is not a good idea IMO: This would make “erlang-certif@2.9.0“ contain different certificates than the release 2.9.0, making debugging a hell.... but I don't follow, it's just a different set of certificates, could you elaborate?
This argument is just about keeping the actual content of a package aligned with the content of the official release. This is a is less impotent argument then what I wrote in <https://issues.guix.gnu.org/54796#52>:
All these contain a copy of the/a CAbundle — which is the idea of these packages: „useful for systems thatdo not have CA bundles“.
Anyhow: Your proposal is to make upstream packages get rid of these bundles. Will this being quite some work.
An alternative approach could be to patch these packages, much
like Liliana suggested („mock“).
-- Regards Hartmut Goebel | Hartmut Goebel | h.goebel@crazy-compilers.com | | www.crazy-compilers.com | compilers which you thought are impossible |