Shared System Certificates followup: Packaging Guidelines?
Adam Williamson
awilliam at redhat.com
Wed Jan 8 18:03:24 UTC 2014
On Wed, 2014-01-08 at 18:56 +0100, Kai Engert wrote:
> On Mi, 2014-01-08 at 09:16 -0800, Adam Williamson wrote:
> > > Packages, that would like to use a default list of CA certificates,
> > > should be changed to use (consume) the new consolidated data that we
> > > provide as part of SharedSystemCertificates.
> >
> > This could do with some specifics:
> >
> > [adamw at adam libtorrent (master)]$ rpm -ql ca-certificates | grep -c -e
> > 'pem' -e 'crt'
> > 11
> > [adamw at adam libtorrent (master)]$
> >
> > which one of those 11 files, exactly, should we have packages use when?
> > When I came up against this situation recently I threw a dart and
> > picked /etc/pki/tls/certs/ca-bundle.crt , but I'm hardly certain.
>
> The manual page explains which files are intended for which purpose, and
> also mentions the availability of a smarter pkcs#11 module for
> applications that are able to use it.
>
> $ rpm -ql ca-certificates |grep -w man
> /usr/share/man/man8/update-ca-trust.8.gz
> $ man update-ca-trust
Thanks. It would probably be useful to have a guidelines section about
this, as it wasn't at all obvious.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
More information about the devel
mailing list