Re: basilisk-browser

To: debian-user@lists.debian.org
Subject: Re: basilisk-browser
From: Roberto C. Sánchez <roberto@debian.org>
Date: Fri, 19 Oct 2018 09:33:30 -0400
Message-id: <[🔎] 20181019133330.hyuw3m64ei7dr5sh@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20181019092816.s4idw2hr62ec7dve@i5378.home>
References: <[🔎] 102be87c-5702-4996-825d-ab69eb09e71c@unix-solution.de> <[🔎] 20181018080242.GB6439@tuxteam.de> <[🔎] 20181018084944.rrwpnfuxxhi2h4la@i5378.home> <[🔎] 5BC91390.5070002@optonline.net> <[🔎] 20181019063626.h7njgmjegbvushv4@i5378.home> <[🔎] EA1B3491-9C53-46B2-A411-9EA427574753@debian.org> <[🔎] 20181019092816.s4idw2hr62ec7dve@i5378.home>

On Fri, Oct 19, 2018 at 12:28:16PM +0300, Reco wrote:
> 
> Ridiculous or not, but stable's firefox-esr contains their own private
> version of NSS - [1]. Same for the thunderbird.
> But they try to keep it sane, so at least firefox does not embed
> 'correct' version of GTK3, for example.
> 

That is very frustrating because there was a time when those
Mozilla-related packages used the system libnss.  Modifying the system
libnss to include an additional cetificate authority was the closest I
could get to deploying an internal CA within a network of Debian
machines (similar to how a Windows admin can push a CA to a bunch of
Windows machines via GPO).

However, they switched to bundled libnss at some point and my choices
became either rebuild each Mozilla-related package (FF, TB, etc.) or
have users manually install the CA.  Rebuilding those packages wasn't
worth the trouble.

It is really frustrating as this is one of those nagging inconveniences
(the lack of a standardized system-wide certificate store that is
actually used by all applications) of Linux that seems like it really
should have been resolved by now.

Regards,

-Roberto
-- 
Roberto C. Sánchez

Reply to:

References:
- basilisk-browser
  - From: basti <mailinglist@unix-solution.de>
- Re: basilisk-browser
  - From: <tomas@tuxteam.de>
- Re: basilisk-browser
  - From: Reco <recoverym4n@enotuniq.net>
- Re: basilisk-browser
  - From: Doug <dmcgarrett@optonline.net>
- Re: basilisk-browser
  - From: Reco <recoverym4n@enotuniq.net>
- Re: basilisk-browser
  - From: Dominik George <natureshadow@debian.org>
- Re: basilisk-browser
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: masqmail error
Next by Date: Why does sound encoded with mencoder crackle in debian stretch but not in buster?
Previous by thread: Re: basilisk-browser
Next by thread: Re: basilisk-browser
Index(es):
- Date
- Thread