On 02/19/2014 03:08 PM, Andreas Enge wrote: > The next question is, where do these certificates come from in our system? > I think a reasonable solution would be to: > - create a package with certificates (maybe inspired from those contained > in debian); > - have gnutls depend on it, and use the gnutls configure flag to point to > /nix/store/xxx-our-certificates/etc/ssl/... . > > I think this would be more in line with our approach than pointing to /etc. > Also, if a certificate gets compromised and is withdrawn from the certificate > package, this would force gnutls and all its dependencies to be recompiled. > > What do you think?
I like this solution. Sree