[OE-core] Regarding ca-certificates & its usage

[Anders Darander]

Chris Larson <clarson at kergoth.com> wrote:
>I'm emailing as I think we should determine when and where
>ca-certificates gets pulled into images and sdks. Should we add it as a
>RRECOMMENDS to openssl and gnutls, or should it continue to be pulled
>in manually when and where appropriate? I'm not really familiar enough
>with openssl and gnutls use cases to say, so I'm hoping someone else
>has an opinion on this. Thanks,

Well, I intended to suggest that we keep the current situation, as I can see quite a few use-cases where you're using openssl or gnutls, and only want your embedded system to connect to your own server. In such cases, it makes a lot of sense to only supply the certificate k and our root certificates) that your going to trust. 

OTOH, we're now having support for BAF_RECOMMENDS for all packaging systems, so aging an RRECOMMENDS to openssl and gnutls wouldn't be any huge problem. 

For newcomers it might make more sense to have the RRECOMMENDS set. 

So after all, my strong initial feeling is now rather ambivalent....

Cheers, 
Anders 


-- 
ChargeStorm AB / eStorm