The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specific a different (and exclusive) CA location.
As noted in my original reply, that already exists if you build from source - the decision is a compile time one. If you use a package, the packager will generally select the option that makes the software easiest to use and maintain out of the box, which means that, if the OS supports a compatible certificate store mechanism, the packager will select that, so that it will work out of the box, and certificates will get updated as part of the OS update process.
If there isn't such a mechanism, it will install Pidgin's standard set of certificates in a directory private to libpurple, so that the user doesn't have to hunt down certificates before they use it.
At least from a quick glance, you can tell it to use a system certificate store, when you build it, but point that at a directory that you populate with certificates, rather than the standard OS certificate store.
_______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
