Hi, It's been Guix policy to let people choose whether to install or not TLS root certificates and which one to their machine. While I applaud the idea to have the users make a conscious decision about it, in practice I suppose very few of us choose to *not* install any as that basically breaks using web browsers, especially ones like IceCat which (by default) ensures HTTPS is used on every page.
It apparently even makes it impossible to run 'guix pull', if I am to believe bug#62026. Should we do as in bug#62026 and have this package be part of the recommended basic installation? It'd be in the basic set of an operating-system packages (via its default %base-packages set). It could still be manipulated via the Guix API (filtered out/replaced with something else). Is anyone opposed to having nss-certs in %base-packages? -- Thanks, Maxim
