Root certificate in source tree placement

Ethan Blanton elb at
Mon Aug 13 10:17:34 EDT 2007

Ka-Hing Cheung spake unto us the following wisdom:
> Is it really necessary for pidgin to install its own set of root
> certificates? On debian systems, they are already available
> in /usr/share/ca-certificates . I think it would be better if we can
> offload the burden of updating those certificates to distributions.

Yes, I believe it is desirable, the same as it is desirable for
Mozilla et al.  William and I have discussed this already, and the
plan is to ship with some (minimal) set of certificates, and provide
configure-time options for locating distribution-wide certificates if
desired.  Not only can we not count on distributions having a
system-wide stash at *all* (particularly given that we run on ancient
distributions), but every distribution has their own, different plan
for locating and installing certificates.  We feel it is best to
install a minimal set to /usr/share/purple (or whatever), perhaps
unless asked not to, and to support a --with-ca-store= type configure
switch for using the distro-supplied list when available.


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the Devel mailing list