Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store

[Sree Harsha Totakura]

On 02/19/2014 03:08 PM, Andreas Enge wrote:
> The next question is, where do these certificates come from in our system?
> I think a reasonable solution would be to:
> - create a package with certificates (maybe inspired from those contained
>   in debian);
> - have gnutls depend on it, and use the gnutls configure flag to point to
>   /nix/store/xxx-our-certificates/etc/ssl/... .
> 
> I think this would be more in line with our approach than pointing to /etc.
> Also, if a certificate gets compromised and is withdrawn from the certificate
> package, this would force gnutls and all its dependencies to be recompiled.
> 
> What do you think?

I like this solution.

Sree