usage of reqwest rustls-tls-webpki-roots #25
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
I'm looking at packaging this for Debian, and noticed the usage of
reqwest/rustls-tls-webpki-roots, this collides with our packaging policies as it duplicates the ca-certs into the binary, so that the binary have to be rebuilt if there is an update to the ca-certs.Describe the solution you'd like
Use
reqwest/rustls-tls-native-rootsinstead.Describe alternatives you've considered
I can just patch the crate to use
reqwest/rustls-tls-native-rootsmyself, but I thought that I should also bring this up here, in order to keep the diff betweenAdditional context
Technically this should maybe be a security issue, since it will be a security problem if a ca-cert gets compromised and the binary isn't rebuilt. But since it's so theoretical and other debate about the usage of webpki-roots is public I don't think there is a need to keep this secret.
Also see this comment for an analysis of the situation: rust-lang/rustup#3400 (comment)
The text was updated successfully, but these errors were encountered: