From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id sD2KD0rDJ2aRDwEA62LTzQ:P1 (envelope-from ) for ; Tue, 23 Apr 2024 16:18:50 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id sD2KD0rDJ2aRDwEA62LTzQ (envelope-from ) for ; Tue, 23 Apr 2024 16:18:50 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=lassieur.org header.s=fm2 header.b=gFMav8EK; dkim=pass header.d=messagingengine.com header.s=fm3 header.b="R kpSaSo"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1713881930; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=clbaZXiPRtp1iCcUqRarY4JdZc4UL9I+/xUd/rVXA0w=; b=sR7BnHi5DMlgnn8NQ9A8C4vmV6L5oNcUTFgkrWH83HBkI584yxnCvXEznBtR7DKFbFnLlf AWuVy2uTWS4hmzCSJSVMvAGTiexdwcrsaeCDTBsb6Vz1i1VcMMAL/P+HzsCOTWpoemJxM4 5yTYOAkvm2OCt9IuriflK/baMdt1yuk72MezoAmqaE0wsIWqMq5YlYBFZAU/LSp043abR7 SsSj0qfVg1/PQfbs5ssi/eT1HUQOD04tY5QgWRz7GlbolZVa96WdlXAGj3dZkO+GvpFkJR y1Df6c2Qz+0DzSmySiu8T8gVcTGROk4YuHPTffRR0q+ZSu75MI77hZ0dmdW9hA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=lassieur.org header.s=fm2 header.b=gFMav8EK; dkim=pass header.d=messagingengine.com header.s=fm3 header.b="R kpSaSo"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1713881930; a=rsa-sha256; cv=none; b=KVLdw5XKGN4YffqxAXNdctPckTma/IJfHtIiLBgm8A6mdzlWpu9YsM1xMGD1lz+50Ox9PW PEI7B+dbMMwNVSw3iNaQ+Us+hH2xoWw/gcAo/wsy9y3L/X0dQZPLNAV8mHP8+a7dnwDPwU W1BIzb/EmmxkiKus3y+n7ISXm+dfCXhoL3cwmurGYdh+PMIu/AxbaPY7TUAF528n4wy0GV ejhG4wGeS7AVRVKsn4i2KhB5xX87hDkrZOulJesBYUyx8rK4pq/ZXN9i9YODDh+cBp4Glr 81UosY8bCJX/7o9X0WVMpCQsJgfK5buQcpwdszZJ0TBxNEbmsyGf9T6JTQlXzw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 751C43B5 for ; Tue, 23 Apr 2024 16:18:49 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rzGyT-0000Qc-Ca; Tue, 23 Apr 2024 10:18:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rzGyP-0000PZ-UF for guix-devel@gnu.org; Tue, 23 Apr 2024 10:18:17 -0400 Received: from fout3-smtp.messagingengine.com ([103.168.172.146]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rzGyO-0006lV-0V for guix-devel@gnu.org; Tue, 23 Apr 2024 10:18:17 -0400 Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfout.nyi.internal (Postfix) with ESMTP id 525FC138015E; Tue, 23 Apr 2024 10:18:12 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Tue, 23 Apr 2024 10:18:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lassieur.org; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1713881892; x=1713968292; bh=clbaZXiPRtp1iCcUqRarY4JdZc4UL9I+/xUd/rVXA0w=; b= gFMav8EKh9YA74VZQL4yC4CCy6D4TF64S4+YVTWfN9lwW6c/lR+wutcjxuvxsDAq ed33Y6BHjMI/NHKjdqa2mrsmc5Bjpa/GuI84LN770TQ3HkB0W3cpYEWVkSKY1BCg 6Pusr1unJpdsIUW5edLE6iLvcC+BKIm2ilgQE2N0jXcGh8zxGPJYRYxftWMGNcgx 2B2VEnf8x0LlxFGik/ExDDAkQF40iCuQuwrJjBWOI3TC9o8yuQ9aBITo8NCIKM2o nd64Agafkx+pPUVcVeMXMbrWAutp7QxvemLgwyNKmhIBBXfH/kEiYvCPyGVqCW1f vyvlg6BeIG3GAjAENIglFQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1713881892; x= 1713968292; bh=clbaZXiPRtp1iCcUqRarY4JdZc4UL9I+/xUd/rVXA0w=; b=R kpSaSoY6zFfrhhXCu+fv2wVupZxKiCWnaxarmA3He9XDgh1/wPjfKzoyXF9y5pq2 NgJgSy61IAOQhkZE1YGJk5jXmuSaahlozUrb7I2ynxglb1Fp4NOE+E0nsw1+J1oA /KolOjrBh/GnHFQcDDzWkh5DmNejLudN8/A+JCWyjIB1+ikg93mq4AyjXtqAMoA3 vEBEqV9RTjRhhYSx4LKwOSAziQwgwZo5cxBdU3RhE1JL1n/aYvTLvcvKz9siIo6G cpfMB3Y/ZPg1Gw2bYpKiqnAZ4YNaKM6S840+9RB2p7EgUa1DBUT1UxhrEzZMpDOv ASRqIY6FlNpbiXHE0T06A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudeluddgjeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefujghffffkfgggtgfgsehtqhertddtreejnecuhfhrohhmpeevlhor mhgvnhhtucfnrghsshhivghurhcuoegtlhgvmhgvnhhtsehlrghsshhivghurhdrohhrgh eqnecuggftrfgrthhtvghrnheptdelleekudffudeiteekjedugffhheevveeijeduuefh leelffetveehtdevledunecuffhomhgrihhnpehhthhtphhsihhsuhhsvgguohhnvghvvg hrhihprghgvgdrihgunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi lhhfrhhomheptghlvghmvghntheslhgrshhsihgvuhhrrdhorhhg X-ME-Proxy: Feedback-ID: i4c21472a:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 23 Apr 2024 10:18:10 -0400 (EDT) From: =?utf-8?Q?Cl=C3=A9ment_Lassieur?= To: Maxim Cournoyer Cc: guix-devel Subject: Re: Should we include nss-certs out of the box? In-Reply-To: <874jciuxqq.fsf@gmail.com> (Maxim Cournoyer's message of "Wed, 03 Apr 2024 14:06:37 -0400") References: <874jciuxqq.fsf@gmail.com> Date: Tue, 23 Apr 2024 16:18:07 +0200 Message-ID: <87y1942me8.fsf@lassieur.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=103.168.172.146; envelope-from=clement@lassieur.org; helo=fout3-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -5.62 X-Migadu-Scanner: mx11.migadu.com X-Spam-Score: -5.62 X-Migadu-Queue-Id: 751C43B5 X-TUID: c/AokuFyp8SG On Wed, Apr 03 2024, Maxim Cournoyer wrote: > It's been Guix policy to let people choose whether to install or not TLS > root certificates and which one to their machine. While I applaud the > idea to have the users make a conscious decision about it, in practice I > suppose very few of us choose to *not* install any as that basically > breaks using web browsers, especially ones like IceCat which (by > default) ensures HTTPS is used on every page. I'd be surprised Icecat breaks from this as it uses its own cert database and allows HTTP when HTTPS doesn't work. Kind regards, Cl=C3=A9ment