On Wed, 2014-01-08 at 18:56 +0100, Kai Engert wrote: > On Mi, 2014-01-08 at 09:16 -0800, Adam Williamson wrote: > > > Packages, that would like to use a default list of CA certificates, > > > should be changed to use (consume) the new consolidated data that we > > > provide as part of SharedSystemCertificates. > > > > This could do with some specifics: > > > > [adamw@adam libtorrent (master)]$ rpm -ql ca-certificates | grep -c -e > > 'pem' -e 'crt' > > 11 > > [adamw@adam libtorrent (master)]$ > > > > which one of those 11 files, exactly, should we have packages use when? > > When I came up against this situation recently I threw a dart and > > picked /etc/pki/tls/certs/ca-bundle.crt , but I'm hardly certain. > > The manual page explains which files are intended for which purpose, and > also mentions the availability of a smarter pkcs#11 module for > applications that are able to use it. > > $ rpm -ql ca-certificates |grep -w man > /usr/share/man/man8/update-ca-trust.8.gz > $ man update-ca-trust Thanks. It would probably be useful to have a guidelines section about this, as it wasn't at all obvious. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
