curl-users

Re: Which version of certdata.txt is preferred for mk-ca-bundle, and why?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 16 Dec 2013 09:36:17 +0100 (CET)

On Sun, 15 Dec 2013, Leif W wrote:

Thanks a lot for your contribution!

> So, if the intended purpose is to have an updated list of trusted
> certificates, what is the better choice, and why?

That's a very good question. Let me answer it and then tell you how I think we
should proceed:

I don't think we've done a lot of research into exactly which single source
tree and therefore which certdata.txt to use for this script. This more or
less "happened" and has proved to work - additional scrutiny and eyes on the
code exactly like you're helping with here is what we need to drive us into
taking a more active and intelligent decision.

> To me it would seem that a 1 year old list may not be the best default
> choice. The current browser release or the Aurora channel (pre-Beta) would
> seem to be the most recent, and presumably kept in sync in the nss tree.

I would suggest we do two things:

1 - we pick "current browser release" as the default set to use

2 - we introduce a new command line option for the script that allows users to
more easily select to get the bundle from other trees, such as the aurora,
central or incoming repos.

How does that sound? You up to helping us make this happen?

-- 
  / daniel.haxx.se
Received on 2013-12-16