On Fri, 2013-06-07 at 12:17 -0400, Daniel Kahn Gillmor wrote: > On 06/07/2013 11:31 AM, Stef Walter wrote: > > > > I've been working to make p11-kit work with the update-ca-certificates > > script on OpenSUSE and Debian. I think they're pretty much the same, so > > I hope referring to them together is okay. > I've just forwarded this to the > <[email protected]> mailing list, which is > another place where discussion around PKI in Debian is taking place. > > I apologize for not having the time to review the specifics right now, > but i definitely support the general direction this proposal is taking.
Where are we with this? Four years on, Debian/Ubuntu still doesn't seem to have managed to ship p11-kit-trust.so as an "alternative" for libnssckbi.so (and in fact seem to have regressed to having *multiple* copies of libnssckbi.so with multiple incompatible versions of NSS, and doesn't even support the NSS "Shared System Database"). We end up with people having to jump through lots of nasty hoops just to install their own CA and have it actually work system-wide, which really ought to Just Work out of the box... https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741005 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704180 https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/1647285 https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1648616 Is there any prospect of getting it fixed any time soon?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ p11-glue mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/p11-glue
