[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Using system SSL certificates...
From:       Thomas McGuire <mcguire () kde ! org>
Date:       2010-02-21 13:44:01
Message-ID: 201002211444.08007.mcguire () kde ! org
[Download RAW message or body]


Hi,

On Friday 29 January 2010 01:26:11 Andreas Hartmetz wrote:
> I don't think anymore that it is a good idea to ship our own certificate
> bundle with KDE *on Linux*. Good Linux distributions have more resources
> and do a good job at maintaining a set of certificates. On some platforms
> we will probably always have to ship our own certificates or maybe add an
> interface to the native certificate store API (I'd rather not).
> That said, if and when I make this change I will also (re)add some GUI to
> add certificates on top of system certificates, and maybe a blacklist for
> unwanted system certificates too.
> Encouragement? Protest?
> (Currently there is no client certificate support because I didn't get
> around to doing it, this is also something I want to add at some point. No
> need for discussion.)

I think it would be best if Qt would use the system certificates, and KDE 
would use whatever Qt uses, i.e. also the system certificates. That way, we 
could get updates to the certificates without the waiting for the next Qt 
version. The distros of course have to ship the package for the system 
certificates.

I just got contacted by someone who requested inclusion of a certificate into 
KDE, see http://bugs.kde.org/show_bug.cgi?id=149732. Since there is no action 
from our side on that bug report for more than 2 years, it is quite clear that 
we at KDE can not maintain a certificate list ourselves.

Regards,
Thomas

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]