On Tue, Apr 21, 2020 at 06:17:58PM +0200, Pierre Neidhardt wrote: > Note that the "--expose=/etc/ssl/certs/" is important. > > Should we consider this a bug? If not, then should we document > it?
No, it's not a bug. TLS X.509 certificates need to be looked up dynamically at run-time, because their validity depends on the current time. We need to be able to change the certificates without requiring the packages that use them to rebuild. Otherwise built packages would become obsolete just because some time has passed.
signature.asc
Description: PGP signature
