Am 20.04.22 um 17:22 schrieb Maxime Devos:
(from Hartmut Goebel, at <>)
Neither python-certifi nor gocertifi build on nss-cert. Addind some 
update mechanism into the Guix package is not a good idea IMO: This 
would make “erlang-certif@2.9.0“ contain different certificates
than the release 2.9.0, making debugging a hell.
... but I don't follow, it's just a different set of certificates, could
you elaborate? 

This argument is just about keeping the actual content of a package aligned with the content of the official release. This is a is less impotent argument then what I wrote in <>:

All these contain a copy of the/a CA
bundle — which is the idea of these packages: „useful for systems that
do not have CA bundles“.

Anyhow: Your proposal is to make upstream packages get rid of these bundles. Will this being quite some work.

An alternative approach could be to patch these packages, much like Liliana suggested („mock“).

Hartmut Goebel

| Hartmut Goebel          |               |
| | compilers which you thought are impossible |