On Sun, Nov 17, 2024 at 2:04 PM Kevin Kofler via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > Björn Persson wrote: > >> == Release Notes == > >> The /etc/pki/tls/cert.pem file has been deprecated > > > > Removed, not deprecated, according to the rest of the proposal. > > Sysadmins who read "deprecated" in the release notes will think they > > can upgrade Fedora and look into migrating off /etc/pki/tls/cert.pem > > later. They will feel deceived when their in-house software breaks > > right away. > > I agree, but I think the terminology is the least of the problems here. > > I think this file must remain on the file system and OpenSSL needs to be > patched to ignore it if it has a more efficient alternative, as was in fact > already suggested in the discussion of the change (but refused by the change > owners). Backwards compatibility is something that needs to be retained > wherever possible. > This file has to remain on the system for a completely different reason: other crypto libraries may and do probably use this file. It is unreasonable to delete what essentially is our certificate store API without going through and fixing *all* crypto libraries and applications that directly load the CA store themselves to work with it upstream. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
