Comment 1 for bug 1078947

The code is writtend to *require* the distribution to make a secure decision about the signing dir. The signing dir holds certificates that, on a shared machine, should not be accessable to other users, or there is the potential for a security violation.

The only directory that we can trust be default is $HOME. For Distributions, the signing dir must be specified.