💾 Archived View for rawtext.club › ~sloum › geminilist › 006630.gmi captured on 2023-11-14 at 09:13:16. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[tech] Pre-generated trust stores for various Gemini clients

Omar Polo op at omarpolo.com

Sun Jun 6 08:05:58 BST 2021

- - - - - - - - - - - - - - - - - - - 

nervuri <nervuri at disroot.org> writes:

I also want to encourage client authors to bunlde pre-generated trust
stores (verified from several perspectives) into their clients, to
protect the first connection. [...]

from a packager point of view I fear this can break badly.

On OSes that provides stable channels, the packages aren't updatefrequently. If you add to the mix that there are people using Let'sEncrypt (or similar) and thus change the certificate frequently, there'sa problem.

There is also another drawback to this, that it ties client authors tofrequent and periodic updates. Take elpher for example, it hasn't seencommits in a while now (since 2020-09-19 -- almost 9 months!), but it'sfine because the code still works.