Re: ca-certificates-java changes

To: debian-java@lists.debian.org
Subject: Re: ca-certificates-java changes
From: Emmanuel Bourg <ebourg@apache.org>
Date: Thu, 12 Oct 2017 12:44:43 +0200
Message-id: <[🔎] 6cfa552b-41a1-bf64-1e73-2735e9e77407@apache.org>
In-reply-to: <[🔎] 5b7db05f-383b-0147-24f1-e5c8c3e6d8de@apache.org>
References: <E1dy5kN-0003iW-PH@fasolo.debian.org> <b506ee88-abf3-ed85-0981-6702147051ce@apache.org> <alpine.DEB.2.20.1709301708360.22179@tglase.lan.tarent.de> <[🔎] 5b7db05f-383b-0147-24f1-e5c8c3e6d8de@apache.org>

Le 12/10/2017 à 11:58, Emmanuel Bourg a écrit :

> 2. ca-certificates-java still generates a keystore from the Debian
> certificates but with a different name (cacerts-debian for example).
> 3. Patch openjdk to use cacerts-debian in priority if it exists, and
> default to cacerts otherwise.

Another thought: maybe we could use a symlink managed by the
alternatives system instead of patching OpenJDK to look for
cacerts-debian. This would be even better since some Java applications
may open cacerts directly from its path, and since they are unlikely to
know about cacerts-debian they would load the wrong keystore.

Emmanuel Bourg

Reply to:

References:
- Re: ca-certificates-java changes
  - From: Emmanuel Bourg <ebourg@apache.org>

Prev by Date: Re: ca-certificates-java changes
Next by Date: Re: ca-certificates-java_20170930_source.changes ACCEPTED into unstable
Previous by thread: Re: ca-certificates-java changes
Next by thread: Re: ca-certificates-java changes
Index(es):
- Date
- Thread