From: Thomas McGuire
Date: Sun, 21 Feb 2010 13:44:01 +0000
To: kde-core-devel
Subject: Re: Using system SSL certificates...
Message-Id: <201002211444.08007.mcguire () kde ! org>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=126675993022343

Hi,

On Friday 29 January 2010 01:26:11 Andreas Hartmetz wrote:
> I don't think anymore that it is a good idea to ship our own certificate
> bundle with KDE *on Linux*. Good Linux distributions have more resources
> and do a good job at maintaining a set of certificates. On some platforms
> we will probably always have to ship our own certificates or maybe add an
> interface to the native certificate store API (I'd rather not).
> That said, if and when I make this change I will also (re)add some GUI to
> add certificates on top of system certificates, and maybe a blacklist for
> unwanted system certificates too.
> Encouragement? Protest?
> (Currently there is no client certificate support because I didn't get
> around to doing it, this is also something I want to add at some point. No
> need for discussion.)

I think it would be best if Qt would use the system certificates, and KDE
would use whatever Qt uses, i.e. also the system certificates. That way, we
could get updates to the certificates without waiting for the next Qt
version. The distros of course have to ship the package for the system
certificates.

I just got contacted by someone who requested inclusion of a certificate into
KDE, see http://bugs.kde.org/show_bug.cgi?id=149732. Since there is no action
from our side on that bug report for more than 2 years, it is quite clear that
we at KDE cannot maintain a certificate list ourselves.

Regards,
Thomas