Keeping root certificate store up to date
During demo there was an openssl error that brought up the discussion about the root CA store for the containers.
How are we ensuring that the containers have an up-to-date CA store?
- Update ca-certificates in the container and require gitlab version updates to pick up CA changes?
- Mount certificates from the host CA store and rely on the host being up to date?
- Have both as options?