On Mon, 2019-01-14 at 10:33 -0500, Daniel Kahn Gillmor wrote:
> On Sun 2019-01-13 19:07:42 +0100, Andreas Metzler wrote:
> > The coding would be straightforward afaict.
> > 
> > https://salsa.debian.org/gnutls-team/p11-kit/commits/tmp-704180-divertnss
> 
> I like the looks of this, though perhaps we want to name the new package
> p11-kit-trust to be more in line with the name given by other distros.

In Fedora it's called p11-kit-trust and it's pulled in by default as a
dependency of various other packages including NSS and GnuTLS. In fact
I think GnuTLS is built to use it as its default trust store, so not
installing it isn't really a possibility. It also provides the standard
update-ca-certificates mechanism which manages the CAs used by OpenSSL.

They use alternatives so that if the user really wants to disable it
for NSS and use the standard libnssckbi.so for NSS, they can.
