On Wed, 03 Apr 2024 14:06:37 -0400 Maxim Cournoyer <maxim.courno...@gmail.com> wrote:
> Hi, > > It's been Guix policy to let people choose whether to install or not > TLS root certificates and which one to their machine. While I > applaud the idea to have the users make a conscious decision about > it, in practice I suppose very few of us choose to *not* install any > as that basically breaks using web browsers, especially ones like > IceCat which (by default) ensures HTTPS is used on every page. > > It apparently even makes it impossible to run 'guix pull', if I am to > believe bug#62026. > > Should we do as in bug#62026 and have this package be part of the > recommended basic installation? It'd be in the basic set of an > operating-system packages (via its default %base-packages set). It > could still be manipulated via the Guix API (filtered out/replaced > with something else). > > Is anyone opposed to having nss-certs in %base-packages? > Hello, IMO everything should work out of the box. Power users will be able to do their stuff if they need to, so the feature should be opt-out. -- Jan Wielkiewicz