nervuri <nervuri@disroot.org> writes:

> I also want to encourage client authors to bundle pre-generated trust
> stores (verified from several perspectives) into their clients, to
> protect the first connection. [...]

from a packager point of view I fear this can break badly. On OSes that provide stable channels, the packages aren't updated frequently. If you add to the mix that there are people using Let's Encrypt (or similar) and thus change the certificate frequently, there's a problem.

There is also another drawback to this, that it ties client authors to frequent and periodic updates. Take elpher for example, it hasn't seen commits in a while now (since 2020-09-19 -- almost 9 months!), but it's fine because the code still works.