p11-kit trust module on Debian and OpenSUSE

David Woodhouse dwmw2 at infradead.org
Wed Jul 26 15:29:18 UTC 2017

On Fri, 2013-06-07 at 12:17 -0400, Daniel Kahn Gillmor wrote:
> On 06/07/2013 11:31 AM, Stef Walter wrote:
> > 
> > I've been working to make p11-kit work with the update-ca-certificates
> > script on OpenSUSE and Debian. I think they're pretty much the same, so
> > I hope referring to them together is okay.
> I've just forwarded this to the
> <pkg-auth-maintainers at lists.alioth.debian.org> mailing list, which is
> another place where discussion around PKI in Debian is taking place.
> I apologize for not having the time to review the specifics right now,
> but i definitely support the general direction this proposal is taking.

Where are we with this? Four years on, Debian/Ubuntu still doesn't seem
to have managed to ship p11-kit-trust.so as an "alternative" for
libnssckbi.so (and in fact seem to have regressed to having *multiple*
copies of libnssckbi.so with multiple incompatible versions of NSS, and
doesn't even support the NSS "Shared System Database").

We end up with people having to jump through lots of nasty hoops just
to install their own CA and have it actually work system-wide, which
really ought to Just Work out of the box...


Is there any prospect of getting it fixed any time soon?