Automatic updating of cacert.pem?

Question

Automatic updating of cacert.pem?

mhujer opened this issue 6 years ago · 3 comments

Currently the cacert.pem is not updated automatically and usually someone just opens a PR after the bundle is updated on https://curl.haxx.se/docs/caextract.html and I suppose there is a manual work needed to verify the diff.

I propose to do it somehow automatically - e.g. with Travis cron job. It can either download the .pem file from https://curl.haxx.se/docs/caextract.html or use the mk-ca-bundle tool to run the extraction during the build. It can also commit the extracted file (if it was changed). Afterwards only the tagging will be a manual action (maybe with some verification)

If you think it is a good idea, I can prepare it.

Answer 1 · 2018-12-21T09:55:57.000Z

Sounds good to me except for the commit I guess travis needs some github credentials/token, I guess I can create a bot account for it.

Answer 2 · 2018-12-21T09:56:38.000Z

To be honest tho it's not that much work, this stuff updates 3-4 times a year and it takes two minutes to update and tag, so if it takes you a lot of effort it's not really worth it.

Answer 3 · 2018-12-27T20:25:13.000Z

Thanks for the feedback, you are right, it is not worth the effort.