Last night someone asked me about a package that they were working on that had a pem file in it. Looking closer, it seems that the pem file is a cacert bundle. Looking around, there's not currently documentation on what to do with these. I did find some information on the wiki, though: https://fedoraproject.org/wiki/PackagingDrafts/Certificates https://fedoraproject.org/wiki/Features/SharedSystemCertificates https://fedoraproject.org/wiki/Talk:Features/SharedSystemCertificates I'm by no means an expert in this area but my impression is that the PackagingDraft is made obsolete by the Shared System Certificates Feature. As Killerix and Misc note on the talk page we should probably have some packaging guidelines added that tell us what the expectations are. The Guideline should answer the following questions: * Should packages that ship their own cacerts be patched to use Shared System Certificates instead? [I think the answer to this is yes] * If the package contains a cacert that is not in our bundle, should those be added? * How does a package add a cacert to our existing bundle? Is there anyone available to write a draft for this and submit it to the FPC (and answer questions that come up)? -Toshio
Attachment:
pgp6vcV6lEVMn.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
