bug#55043: Some packages depend on nss-certs, some bundle it.

[Hartmut Goebel]

Am 20.04.22 um 17:22 schrieb Maxime Devos:

> > (from Hartmut Goebel, at <https://issues.guix.gnu.org/54796#52>)
> > Neither python-certifi nor gocertifi build on nss-cert. Addind some 
> > update mechanism into the Guix package is not a good idea IMO: This 
> > would make “erlang-certif@2.9.0“ contain different certificates
> > than the release 2.9.0, making debugging a hell.
> >       
> ... but I don't follow, it's just a different set of certificates, could
> you elaborate?
>

This argument is just about keeping the actual content of a package aligned with the content of the official release. This is a is less impotent argument then what I wrote in <https://issues.guix.gnu.org/54796#52>:

All these contain a copy of the/a CA

bundle — which is the idea of these packages: „useful for systems that

do not have CA bundles“.

Anyhow: Your proposal is to make upstream packages get rid of these bundles. Will this being quite some work.

An alternative approach could be to patch these packages, much like Liliana suggested („mock“).

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |