On Fri, 2014-10-31 at 14:05 +0100, Kai Engert wrote: > On Wed, 2014-10-15 at 12:28 +0200, Vít Ondruch wrote: > > Nevertheless, I am still unsure how to proceed with RubyGems. Should I > > ship the bundled certificates again? Or should I wait until somebody > > notices? > > Sorry for my late reply, because I didn't have a good suggestion > earlier. > > We should work with the upstream OpenSSL and the GnuTLS projects, and > motivate them to implement more advanced path building. This would be a > long term project. Is there some issue with gnutls in F21? As far as I understand it should work as expected with the certificates removed. > So, to answer Vít's original question: > I'd prefer if RubyGems didn't ship its own copy. I think our recent > achievement that all software packages on a system use the same > (default) set of trusted CA certificates is a good improvement, and I > think we should keep it. More than agree. No package should try provide "better" defaults than the shipped ca-certificates, not only because it won't be better, but because this is system configuration which administrators can and _do_ change. regards, Nikos -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
