guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Should we include nss-certs out of the box?


From: Ludovic Courtès
Subject: Re: Should we include nss-certs out of the box?
Date: Wed, 10 Apr 2024 16:50:39 +0200
User-agent: Gnus/5.13 (Gnus v5.13)

Hi,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

> It's been Guix policy to let people choose whether to install or not TLS
> root certificates and which one to their machine.  While I applaud the
> idea to have the users make a conscious decision about it, in practice I
> suppose very few of us choose to *not* install any as that basically
> breaks using web browsers, especially ones like IceCat which (by
> default) ensures HTTPS is used on every page.

Right.

> It apparently even makes it impossible to run 'guix pull', if I am to
> believe bug#62026.

I don’t think that’s the case: see use of ‘le-certs’ in (guix scripts
pull).

> Should we do as in bug#62026 and have this package be part of the
> recommended basic installation?  It'd be in the basic set of an
> operating-system packages (via its default %base-packages set).  It
> could still be manipulated via the Guix API (filtered out/replaced with
> something else).
>
> Is anyone opposed to having nss-certs in %base-packages?

No objection from me.  I’m partly responsible for the initial choice to
not include nss-certs by default, but as you write, most likely everyone
installs it these days.

Note that we’ll also need to remove that choice from the installer in
(gnu installer services).

Thanks!

Ludo’.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]