
[tech] Pre-generated trust stores for various Gemini clients

Stephane Bortzmeyer stephane at sources.org

Mon Jun 7 08:00:01 BST 2021

- - - - - - - - - - - - - - - - - - - 

On Sun, Jun 06, 2021 at 09:05:58AM +0200, Omar Polo <op at omarpolo.com> wrote a message of 18 lines which said:

> From a packager point of view I fear this can break badly.
> On OSes that provide stable channels, the packages aren't updated
> frequently.

Yes, they must be retrieved online.

> If you add to the mix that there are people using Let's
> Encrypt (or similar) and thus change the certificate frequently, there's
> a problem.

It depends if you check the entire certificate or just the public key. The latter seems more reasonable to me, and can be kept intact when renewing the Let's Encrypt certificate.
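
The difference between the two kinds of pin discussed in this message, as an added example that is not part of the original post: a client that stored a hash of the whole certificate rejects a renewal, while one that stored a hash of the SubjectPublicKeyInfo accepts it as long as the key pair is reused. The certificates are constructed, unsigned DER built inline; `capsule.example`, the key bytes and all function names are assumptions made for the illustration.

```python
import hashlib

def tlv(tag, body):
    """Encode one DER element (definite length, short or long form)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def read(buf, pos):
    """Return (tag, body_start, end) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    k = first & 0x7F if first & 0x80 else 0          # long form: k length bytes follow
    length = int.from_bytes(buf[pos + 2:pos + 2 + k], "big") if k else first
    if pos + 2 + k + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos + 2 + k, pos + 2 + k + length

def spki_of(cert):
    """Return the raw SubjectPublicKeyInfo element of a DER certificate."""
    _, pos, _ = read(cert, 0)            # Certificate ::= SEQUENCE
    _, pos, _ = read(cert, pos)          # tbsCertificate ::= SEQUENCE
    skip = 6 if read(cert, pos)[0] == 0xA0 else 5    # [0] version is optional
    for _ in range(skip):  # (version,) serial, sig alg, issuer, validity, subject
        _, _, pos = read(cert, pos)
    return cert[pos:read(cert, pos)[2]]

def pin(cert, mode):
    """SHA-256 pin over the whole certificate ("cert") or only its key ("spki")."""
    return hashlib.sha256(cert if mode == "cert" else spki_of(cert)).hexdigest()

def sample_cert(serial, not_after, key):
    """Constructed, unsigned X.509-shaped DER for this demo; not a real certificate."""
    oid = lambda h: tlv(0x06, bytes.fromhex(h))
    alg = tlv(0x30, oid("2a8648ce3d040302"))                     # ecdsa-with-SHA256
    name = tlv(0x30, tlv(0x31, tlv(0x30, oid("550403") + tlv(0x0C, b"capsule.example"))))
    spki = tlv(0x30, tlv(0x30, oid("2a8648ce3d0201") + oid("2a8648ce3d030107"))
               + tlv(0x03, b"\x00\x04" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + alg + name
              + tlv(0x30, tlv(0x17, b"210601000000Z") + tlv(0x17, not_after)) + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes([serial]) * 64))

OLD = sample_cert(1, b"210830000000Z", bytes(range(64)))         # first seen by the client
RENEWED = sample_cert(2, b"211128000000Z", bytes(range(64)))     # renewed, same key pair
REKEYED = sample_cert(3, b"211128000000Z", bytes(range(1, 65)))  # renewed with a new key

def still_trusted(mode, presented):
    """Would a client that pinned OLD in the given mode accept the presented cert?"""
    return pin(presented, mode) == pin(OLD, mode)

print({m: (still_trusted(m, RENEWED), still_trusted(m, REKEYED)) for m in ("cert", "spki")})
```

The key-only pin survives renewal only when the renewal reuses the existing key pair; a renewal that generates a new key changes both pins.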