
[tech] Pre-generated trust stores for various Gemini clients

Omar Polo op at omarpolo.com

Sun Jun 6 08:05:58 BST 2021

- - - - - - - - - - - - - - - - - - - 

nervuri <nervuri at disroot.org> writes:

> I also want to encourage client authors to bundle pre-generated trust
> stores (verified from several perspectives) into their clients, to
> protect the first connection. [...]

from a packager point of view I fear this can break badly.

On OSes that provide stable channels, the packages aren't updated frequently. If you add to the mix that there are people using Let's Encrypt (or similar) and thus change the certificate frequently, there's a problem.

There is also another drawback to this, that it ties client authors to frequent and periodic updates. Take elpher for example: it hasn't seen commits in a while now (since 2020-09-19 -- almost 9 months!), but it's fine because the code still works.
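To make the Let's Encrypt point concrete, here is an added example (not from the post, and not code from any Gemini client) of a minimal TOFU-style trust store with a pre-bundled entry. The host name, certificate bytes and timestamps are constructed; the only real-world assumption is the usual Let's Encrypt cycle of 90-day certificates renewed with about 30 days of validity left. The check uses a common heuristic: a changed fingerprint is accepted only if the pinned certificate has already expired, otherwise it is reported as a mismatch.

```python
"""Added example: bundled TOFU pins versus frequent certificate rotation.
All hosts, DER bytes and timestamps below are constructed."""
import hashlib
from dataclasses import dataclass

DAY = 86_400


@dataclass
class PinnedCert:
    fingerprint: str  # hex SHA-256 over the DER-encoded certificate
    not_after: int    # certificate expiry as a Unix timestamp


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def check_host(store: dict, host: str, der: bytes, not_after: int, now: int) -> str:
    """TOFU check for one connection. Returns:
    'new'      - no pin yet; the presented cert is pinned now
    'ok'       - presented cert matches the pin
    'rotated'  - pin differs, but the pinned cert has expired, so renewal is plausible
    'mismatch' - pin differs while the pinned cert is still valid
    """
    fp = fingerprint(der)
    pinned = store.get(host)
    if pinned is None:
        store[host] = PinnedCert(fp, not_after)
        return "new"
    if pinned.fingerprint == fp:
        return "ok"
    if pinned.not_after < now:
        # Pinned cert has expired; accept and re-pin the replacement.
        store[host] = PinnedCert(fp, not_after)
        return "rotated"
    return "mismatch"


# Constructed data: a hypothetical capsule whose certificate was captured
# when the trust store was generated, then renewed 60 days later.
HOST = "capsule.example"
T0 = 1_600_000_000
OLD_DER = b"constructed-der-bytes-old"
NEW_DER = b"constructed-der-bytes-new"
OLD_NOT_AFTER = T0 + 90 * DAY             # 90-day validity, Let's Encrypt style
NEW_NOT_AFTER = T0 + 60 * DAY + 90 * DAY  # renewed with 30 days of validity left


def bundled_store() -> dict:
    """What a client package generated at T0 would ship."""
    return {HOST: PinnedCert(fingerprint(OLD_DER), OLD_NOT_AFTER)}


def scenario() -> dict:
    """Three first connections made with the same, never-updated bundle."""
    results = {}
    # 1. Package installed and used shortly after the bundle was generated.
    s = bundled_store()
    results["fresh_install"] = check_host(s, HOST, OLD_DER, OLD_NOT_AFTER, T0 + 1 * DAY)
    # 2. First run 61 days later: the server already renewed, but the bundled
    #    cert has not expired yet, so the stale pin conflicts with the live cert.
    s = bundled_store()
    results["after_renewal"] = check_host(s, HOST, NEW_DER, NEW_NOT_AFTER, T0 + 61 * DAY)
    # 3. First run 100 days later: the bundled cert has expired, so the
    #    expiry heuristic accepts the rotation.
    s = bundled_store()
    results["after_expiry"] = check_host(s, HOST, NEW_DER, NEW_NOT_AFTER, T0 + 100 * DAY)
    return results


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```

The second case is the packaging problem in miniature: between the server's renewal (day 60) and the bundled certificate's expiry (day 90) every user whose package still carries the old pin gets a mismatch on their first connection, exactly the situation the bundle was meant to prevent. Shortening that window means shipping the bundle more often than a stable OS channel updates packages.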