Re: Bug#1052161: ITP: libmozilla-ca-perl -- Mozilla's CA cert bundle in PEM format

["Francesco P. Lovergine" <frankie@debian.org>]

On Wed, Sep 20, 2023 at 08:06:57AM +0200, Andreas Vögele wrote:
> Francesco P. Lovergine wrote:
> > I would simply patch Mozilla::CA to have SSL_ca_file() returning the 
> > Debian directory /usr/share/ca-certificates/mozilla instead of the 
> > cacert.pem file. That would avoid to patch third-parties code that 
> > eventually use explicitly the modules. This is compatible with the 
> > IO::Socket::SSL module.
> >
> > Does it make sense?
>
> Fedora patches Mozilla::CA: 
> https://src.fedoraproject.org/rpms/perl-Mozilla-CA/tree/rawhide
>
> I'd use /etc/ssl/certs/ca-certificates.crt instead of 
> /usr/share/ca-certificates/mozilla, though.

Yes, it makes sense for me for the reasons I already expressed. I see
they are removing the bundle already installed by previois versions
of the package (probably). And yes, for some reason we have both 
the unified file and the single pems in place. Using
a single file is optional for the SSL Perl module, but it does not hurt.

If anyone had not more objections, I would manage for that solution.

--
Francesco P. Lovergine