On Tue, 2020-11-03 at 20:45 +, kpcyrd wrote:
> It's more complicated than that, there's rustls-native-certs to use the
> local certificate store, but the patch would be so invasive that debian
> would effectively maintain a fork. At the time of writing webpki-roots
> has 85 reverse dependencie
On Sat, Oct 24, 2020 at 11:50:14AM +0800, Paul Wise wrote:
> > This is a very non-trivial downstream patch though, the project I'm
> > trying to package runs in a sandbox and loading certificates from disk
> > at runtime is not possible without redesigning some things.
>
> One option to solve this
On Sat, 24 Oct 2020 11:50:14 +0800 Paul Wise wrote:
On Sat, 2020-10-24 at 03:06 +, kpcyrd wrote:
> Yes, running the build.py script would cause reproducible builds issues
> because it's used to take snapshots of Mozilla's trusted root CA
> certificates.
Hmm, I assume that is because it wou
On Sat, 2020-10-24 at 03:06 +, kpcyrd wrote:
> Yes, running the build.py script would cause reproducible builds issues
> because it's used to take snapshots of Mozilla's trusted root CA
> certificates.
Hmm, I assume that is because it would build from the current snapshot
each time it is run?
On Sat, Oct 24, 2020 at 09:42:40AM +0800, Paul Wise wrote:
> Source: rust-webpki-roots
> Severity: serious
> Tags: security
> X-Debbugs-Cc: Debian Security Team , kpcyrd
>
> Usertags: embed
>
> rust-webpki-roots is essentially a duplicate of ca-certificates.
>
> https://tracker.debian.org/pkg/c
Source: rust-webpki-roots
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team , kpcyrd
Usertags: embed
rust-webpki-roots is essentially a duplicate of ca-certificates.
https://tracker.debian.org/pkg/ca-certificates
https://wiki.debian.org/EmbeddedCopies
AFAICT, rebuilding the p
6 matches
Mail list logo