On Mon, Jan 09, 2006 at 11:08:38AM -0500, solar wrote:
> On Mon, 2006-01-09 at 16:55 +0100, Andrea Barisani wrote:
> > Regarding the inclusion of ca-certificates as a PDEPEND (yeah a brief
> > exchange of emails already happened on -dev but since it's not so easy to
> > track it I'm lagging behind on this) I would like to express that I really
> > don't like the fact that we are "trusting" cacert.org certs (among others)
> > without providing it as a choice.
> >
> > Despite all the political views that we can throw in favour of a "cacert.org
> > are trying to make the SSL certs world less evil" argument this is some
> > major
> > policy that we are supporting and it shouldn't be taken that lightly (I
> > don't
> > remember such a major confrontation about this) and I really don't think
> > this
> > should be a default policy but rather user's choice. Technically cacert.org
> > is not a recognized CA in the "proper" way (and don't point that a proper CA
> > is a lame concept and a snake oil thing..this is not the point).
>
> > [CCing [EMAIL PROTECTED] because this concerns the team as well imho.]
> >
> > Just my 2 eurocent.
> >
> > P.S.
> > I know that firefox doesn't trust /etc/ssl/certs by default, dunno about
> > konqueror. The point is still relevant though.
>
>
> Do you think the PDEPEND of the ca-certs should be tied to a USE= flag?
> If so should it be a 'no*certs' flag or a USE=cacerts ?
USE=cacerts sounds the proper course of action to me.
--
Andrea Barisani <[EMAIL PROTECTED]> .*.
Gentoo Linux Infrastructure Developer V
( )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( )
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^
"Pluralitas non est ponenda sine necessitate"
--
gentoo-dev@gentoo.org mailing list
