Randy McMurchy wrote: > I suppose it looks as though when I questioned this idea, I acted > hesitant to DJ's idea. Seeing how Bruce gave me the "big picture", > when I only needed to know what a "Distro specific CA certificate" > was, means I missed entirely on my message to DJ. > > What I was getting at is the stuff about "Distro Specific", which > still to me isn't defined, so I questioned it without mentioning in > my initial reply that it was the OpenSSL suggestion that started me > in the direction of confusion. > Yes. I hadn't realized that OpenSSL has stopped shipping a populated certs file (still haven't looked, but I'll take your word for it). 'Distro specific' was a bad choice of words, though it was used in the original discussion. We need to provide some sort of system wide CA store. Currently, I know of only six packages in BLFS that will take advantage of it (but I believe there are more, I just haven't looked closely yet), and only two, openssl and gnome-keyring, that are not fully configured without providing root CAs (Current JDK and Mozilla products contain their own).
> And knowing that just in the last few days when DJ made comments > that my Glib2 update commit required a package that my logs don't > show is required, and I've since asked him twice with no reply, I > do question things a bit more. > And yes. I finally had the time to verify, and it came down to a bad assumption. The build without gamin was performed in chroot (as the root user). By the time I added gamin, and retested, I was using an unprivileged user in a real environment, and so the test suite passed, but it didn't have a thing to do with gamin. I removed gamin, and retested...all is well with glib2. Sorry for the false alarm. -- DJ Lucas -- This message has been scanned for viruses and dangerous content, and is believed to be clean. -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
