Re: Bug#1052161: ITP: libmozilla-ca-perl -- Mozilla's CA cert bundle in PEM format

["Francesco P. Lovergine" <frankie@debian.org>]

On Tue, Sep 19, 2023 at 11:45:41AM +0200, Andreas Vögele wrote:
> Gregor Hermann writes:
>
> On Mon, 18 Sep 2023 17:48:33 +0200, Francesco P. Lovergine wrote:
> > > > [...] Maybe a wrapper could be tought for packages that have some optional dep on that? [...]
> > Given that we've had to patch only 3 packages (in pkg-perl) over the
> > last decades and that the patch is trivial, and given that a
> > Mozilla::CA package doing different things on Debian than upstream
> > would cause confusion, I recommend against going that way.
> >
> > Let's see what others on the list say.
>
> For example, the Mozilla::CA requirement can be removed from 
> Alien::Build::Plugin::Fetch::HTTPTiny in libalien-build-perl and be 
> replaced by a dependency on ca-certificates.
>
> https://github.com/PerlAlien/Alien-Build/blob/cfdc0e74364c05d62c50ed77345b480c93eb90ce/lib/Alien/Build/Plugin/Fetch/HTTPTiny.pm#L62
>
> HTTP::Tiny uses the system's certificates if Mozilla::CA is not available.
>
> https://github.com/chansen/p5-http-tiny/blob/2f17ba0a6c979b8c37feef830861eeb633484358/lib/HTTP/Tiny.pm#L1640
>
> I've been using a personal libalien-build-perl package without 
> Mozilla::CA for a long time.

Mmmmhhh, it's me or the idea of potentially patching 79 rev-deps on Mozilla::CA 
seems not a great idea?

https://metacpan.org/module/Mozilla::CA/requires?p=1&size=100

Of course, probably some rdeps could be adaptive and skip Mozilla::CA
when not available, but anyway...


--
Francesco P. Lovergine