On Wed, 2014-01-08 at 18:05 +0100, Kai Engert wrote: > On Mi, 2013-12-11 at 09:59 -0800, Toshio Kuratomi wrote: > > Last night someone asked me about a package that they were working on that > > had a pem file in it. Looking closer, it seems that the pem file is > > a cacert bundle. Looking around, there's not currently documentation on > > what to do with these. I did find some information on the wiki, though: > > > > https://fedoraproject.org/wiki/PackagingDrafts/Certificates > > https://fedoraproject.org/wiki/Features/SharedSystemCertificates > > https://fedoraproject.org/wiki/Talk:Features/SharedSystemCertificates > > > > I'm by no means an expert in this area but my impression is that the > > PackagingDraft is made obsolete by the Shared System Certificates Feature. > > As Killerix and Misc note on the talk page we should probably have some > > packaging guidelines added that tell us what the expectations are. > > > > The Guideline should answer the following questions: > > > > * Should packages that ship their own cacerts be patched to use Shared > > System Certificates instead? [I think the answer to this is yes] > > Packages, that would like to use a default list of CA certificates, > should be changed to use (consume) the new consolidated data that we > provide as part of SharedSystemCertificates. This could do with some specifics: [adamw@adam libtorrent (master)]$ rpm -ql ca-certificates | grep -c -e 'pem' -e 'crt' 11 [adamw@adam libtorrent (master)]$ which one of those 11 files, exactly, should we have packages use when? When I came up against this situation recently I threw a dart and picked /etc/pki/tls/certs/ca-bundle.crt , but I'm hardly certain. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
