Hi, Andreas Enge <andr...@enge.fr> writes:
> On Wed, Feb 04, 2015 at 10:35:57AM -0500, Mark H Weaver wrote: >> I agree it would be good if upstream supported such a variable, so >> please do propose it to them! I think it has to be done upstream >> because of the potential security implications of setuid programs, as I >> mentioned in the thread a year ago. > > I asked the question on the gnutls mailing list, and Nikos replied that > we should use p11-kit. (Actually a package that is on my git stash, > because it caused problems for reasons I do not remember.) We could try > to get inspiration from fedora as explained in the thread: > http://lists.gnutls.org/pipermail/gnutls-devel/2015-February/007442.html I won't have much time this week to look closely, but in broad terms this sounds like the right approach to me. Thanks for working on it! Mark
