[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#52690] Remove direct dependencies on the nss-certs certificate stor
From: |
Leo Famulari |
Subject: |
[bug#52690] Remove direct dependencies on the nss-certs certificate store |
Date: |
Mon, 20 Dec 2021 19:36:31 -0500 |
Three packages depend directly on nss-certs: ldns, pypy3, and icedtea6.
This is a problem because certificates expire. When that happens, the
features of these programs that use X.509 certificates will stop
working. Instead, packages should look up certificates at run-time in
unversioned and well-known locations such as /etc/ssl/certs or via
environment variables like $SSL_CERT_DIR.
I'll send a patch removing the dependency from ldns.
pypy3 does not build anyways because its runpath cannot be successfully
validated, but I will investigate anyways after disabling the runpath
validator.
Icedtea6 is a very complex package. I assume it depends on the
certificates directly for a good reason, but I would still appreciate
some feedback on it.
signature.asc
Description: PGP signature
- [bug#52690] Remove direct dependencies on the nss-certs certificate store,
Leo Famulari <=