crepererum commented on PR #5030: URL: https://github.com/apache/arrow-rs/pull/5030#issuecomment-1792112417
If you wanna have a default, IMHO this should be "system" rather than "webpki" for the following reasons: - CAs should be a system admin config, not an application choice - related to prev. point: bundles CAs don't play nice with all sorts things people want (or have to) do, like TLS interception (for debugging or compliance reasons), hardening (e.g. by restricting the set of CAs) - also related to first point: having one set of CAs makes packaging way easier (ref: [Arch Linux change](https://archlinux.org/todo/use-system-ca-store/)) - license issues (webpki-roots is MPL-2.0, which strictly speaking is a copyleft license and way weaker than what is standard in the Rust ecosystem) - you easily have multiple bundles in a single application (anecdotal evidence: InfluxDB IOx had THREE different bundles at some point) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
