From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id iLCmG2/ajWJLRQAAbAwnHQ (envelope-from ) for ; Wed, 25 May 2022 09:27:43 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id sCKFG2/ajWJXeAAAauVa8A (envelope-from ) for ; Wed, 25 May 2022 09:27:43 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6CD9310942 for ; Wed, 25 May 2022 09:27:42 +0200 (CEST) Received: from localhost ([::1]:33572 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ntlQj-0006dQ-J3 for larch@yhetil.org; Wed, 25 May 2022 03:27:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40682) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ntlQ6-0006cG-6H for bug-guix@gnu.org; Wed, 25 May 2022 03:27:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60290) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ntlQ5-0004zs-Tj for bug-guix@gnu.org; Wed, 25 May 2022 03:27:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ntlQ5-00032X-Py for bug-guix@gnu.org; Wed, 25 May 2022 03:27:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#55043: Some packages depend on nss-certs, some bundle it. Resent-From: Hartmut Goebel Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 25 May 2022 07:27:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55043 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Maxime Devos , 55043@debbugs.gnu.org, Liliana Marie Prikler Received: via spool by 55043-submit@debbugs.gnu.org id=B55043.165346361811672 (code B ref 55043); Wed, 25 May 2022 07:27:01 +0000 Received: (at 55043) by debbugs.gnu.org; 25 May 2022 07:26:58 +0000 Received: from localhost ([127.0.0.1]:54187 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ntlQ1-00032C-Sr for submit@debbugs.gnu.org; Wed, 25 May 2022 03:26:58 -0400 Received: from mout.kundenserver.de ([217.72.192.74]:43505) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ntlPx-00031w-Q4 for 55043@debbugs.gnu.org; Wed, 25 May 2022 03:26:56 -0400 Received: from hermia.goebel-consult.de ([79.211.177.11]) by mrelayeu.kundenserver.de (mreue107 [212.227.15.183]) with ESMTPSA (Nemesis) id 1MLyvH-1oB1Jk0Tz7-00HtIm; Wed, 25 May 2022 09:26:45 +0200 Received: from [192.168.110.2] (lenashee.goebel-consult.de [192.168.110.2]) by hermia.goebel-consult.de (Postfix) with ESMTP id 3694B5F535; Wed, 25 May 2022 09:26:42 +0200 (CEST) Content-Type: multipart/alternative; boundary="------------gH9vyS0NaLL0gqU6uqhA0KF1" Message-ID: <59b9644f-d5b4-3e85-a4a5-c44c1b204983@crazy-compilers.com> Date: Wed, 25 May 2022 09:26:42 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0 Content-Language: en-US References: <2e58ada4430ad222c4bc392971edb014c5f10440.camel@telenet.be> From: Hartmut Goebel Organization: crazy-compilers.com In-Reply-To: <2e58ada4430ad222c4bc392971edb014c5f10440.camel@telenet.be> X-Provags-ID: V03:K1:QlNFMJ3Tu7xgzSP9t1uZjRSwR/mj0aOj2li0lYkPnsdpj4X3xmB 8EtHFmroPF/JU9AJQa1hMCO+ridRpQQ7ZuxzvifKHLqpJ86xG74EuaShYPtNzlEEHzwjAh6 oVe9XjiPY7cX71fpNP0YmOXbMDKHz76wZM7uf2go5c14X7Ayigz7fafC6wfIyUoo2XccR00 msKn/IVYqOARYHON8XpBw== X-UI-Out-Filterresults: notjunk:1;V03:K0:OVAN6vyhnxg=:qHGGWXRCGVxAyahaIB67GT BvQZq1rcsYaNfmJ5KstxXBXxy54yMSLAJBPuYsT1aaHKKkeZO+pAza057jhtYEbihTqylxwr/ LvfqAym4pvc+dh1Cke61NSEeF41aeIoMcXUlteJc6MW3yZZIgJU0MhahIY1r4pXLFkMKU2jbZ m40+SOltjgba+PBH2PWzWUoJracquEEMVH4XDUHeoj/SZQqxEE4FcJrv+ldlE20o4xTNZecSd bAcpHl/5WINGPpwUR+vL3/rPxeRPs4GNbJUrQX/miCZAG78Dz2MN4kt3XYO+z4bC616EPy8sW KtApKk+WVuTr8DlHGUBPAH5moPkpU6nK5wtz8XG9w/fS7fwD+jLLZ5D3+JPC85AxmF46mq0t4 zJnXjupud+cO2OlClTpdWQd6CHL5y7LKtrElVHLA1DQ8TKEYFNvVQa8JKVT6WeSIOog+lZE8z TV9ORbyw13FmTF7koXAfhCxGrpX6cNiZJkheKAjfC7zhDeoysML9dNKyT94qD/zqGgRMV6hWC TKUWPEP9EQiaZ0oCjR4MJlySmxHoJrxTtPA+/5vo7lBdAWwIC6kmwyfiYynnIYZ6Bu1fU0dsP zIg0RdUAN3BMNlduJGt7ankolFngKhmV2vV7e7SMOp2futiNsNJtZltcfzpGH4rMgZM9zpJlA UJnCZVRZ1bk1dBbz3Beo1Wvdp6G6h5MCEuFe5HgB93hCLlh7LuYXD+gqOe1TiXJc8M7caia9N ETtSuCKkkdCAmk2LCckV23lgngW+hdjUqVpCY93ULsTQPpk4FpY9DcDfrUk= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1653463662; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=Y9wf668ApZULGz+mKUu8PQi4+aR68i0XvTynhGIWCPM=; b=Hqf1irdtVo0IOhSAOOyICQIPqq77/XiYvCKIjtEKyQt+lH+p8Q90GdttV4sTp38QgpD5/N ritEptB7iNxyqLhkX5bTnK8FgrG0T5oTOpWuheJema3J3PUSK5RFeZO1N3GgwTRNz9n1g9 FAG9YiRj32CuYgkt89lOHP2xfw0kGtvvX4m53VuMSg7y1ZgvGw80Dfh6FV1f8cqnFt8NjR nU0pbC5sTOPwvaH0MEAJgHKIpxRiOgLmLGVZ4Jo6IuEWdnG07PFBka549eeMILuJrL8vVz Zy6/wnOu14ujDyUwNQyilxEvuexZLqMBKoRxrENPBj/c27od0SvjM0/RBFBZpg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1653463662; a=rsa-sha256; cv=none; b=lS7tXmEQDCxGHh3zQK8Wz1Dtdevz+oHjUDk8lUwBHFS8hh9XlwEgzhzlW46kGyxXsqbgdO 02HYSfDZ0Xag9RDNC7IZO/3xxKVUHc6cyJDPDkVK3T5+mYoZFZ+JSorCC0PwqvUq4eiWN+ IWLXzAGGwsl2gvGLoJil814aGZNpOCY4sW6JlgnUAK+GVF67nrjdUls1pQeyPP4whWnQAQ mnKpLCJ1lHj7YofeM8OePKmQ6jDmfm85SgODf0anO5ujsxcA4b+worgRiyjA0qa5dVXGwW GzXhf+lyrFr0aHy882VDCLcReuRLmtrlZ+izMFeKjH0RDK5ynqtoFd2TvTa43A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.04 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 6CD9310942 X-Spam-Score: -3.04 X-Migadu-Scanner: scn1.migadu.com X-TUID: Aydqyx9/q3Iy This is a multi-part message in MIME format. --------------gH9vyS0NaLL0gqU6uqhA0KF1 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Am 20.04.22 um 17:22 schrieb Maxime Devos: >> (from Hartmut Goebel, at) >> Neither python-certifi nor gocertifi build on nss-cert. Addind some >> update mechanism into the Guix package is not a good idea IMO: This >> would make “erlang-certif@2.9.0“ contain different certificates >> than the release 2.9.0, making debugging a hell. > ... but I don't follow, it's just a different set of certificates, could > you elaborate? This argument is just about keeping the actual content of a package aligned with the content of the official release. This is a is less impotent argument then what I wrote in : > All these contain a copy of the/a CA > bundle — which is the idea of these packages: „useful for systems that > do not have CA bundles“. Anyhow: Your proposal is to make upstream packages get rid of these bundles. Will this being quite some work. An alternative approach could be to patch these packages, much like Liliana suggested („mock“). -- Regards Hartmut Goebel | Hartmut Goebel |h.goebel@crazy-compilers.com | |www.crazy-compilers.com | compilers which you thought are impossible | --------------gH9vyS0NaLL0gqU6uqhA0KF1 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
Am 20.04.22 um 17:22 schrieb Maxime Devos:
(from Hartmut Goebel, at <https://issues.guix.gnu.org/54796#52>)
Neither python-certifi nor gocertifi build on nss-cert. Addind some 
update mechanism into the Guix package is not a good idea IMO: This 
would make “erlang-certif@2.9.0“ contain different certificates
than the release 2.9.0, making debugging a hell.

... but I don't follow, it's just a different set of certificates, could
you elaborate?

This argument is just about keeping the actual content of a package aligned with the content of the official release. This is a is less impotent argument then what I wrote in <https://issues.guix.gnu.org/54796#52>:

All these contain a copy of the/a CA
bundle — which is the idea of these packages: „useful for systems that
do not have CA bundles“.

Anyhow: Your proposal is to make upstream packages get rid of these bundles. Will this being quite some work.

An alternative approach could be to patch these packages, much like Liliana suggested („mock“).

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |
--------------gH9vyS0NaLL0gqU6uqhA0KF1--