Date: Thu, 3 Jul 2014 18:12:43 -0700 From: Eitan Adler <lists@eitanadler.com> To: Jonathan Anderson <jonathan@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default? Message-ID: <CAF6rxg=U%2BVaDjF9SGc-zPHPYm%2BD2f0=oLnq1Brh_EkeVv2HNJA@mail.gmail.com> In-Reply-To: <53B5FD51.4050309@FreeBSD.org> References: <53B499B1.4090003@delphij.net> <53B4B7FB.6070407@FreeBSD.org> <53B56F49.7030109@FreeBSD.org> <CAF6rxgmsoJCnCpnGKUXe0jnPEgGNm3BB_SF73vLOkK5X9pOoPw@mail.gmail.com> <20140703221448.GA99094@calvin.ustdmz.roe.ch> <53B5FD51.4050309@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3 July 2014 18:03, Jonathan Anderson <jonathan@freebsd.org> wrote: > Put another way, /etc/ssl and /usr/local/etc/ssl are additive, not > subtractive: we can make it easy for users to install whatever CA bundles > they like, but if you put a bad CA cert in the base system, I have to > manually patch the base system, even in environments where I'd rather use > binary releases and freebsd-update. Lets turn it into a config file then? Why does this have to happen at install time? We are just dealing with defaults here. In general, the default system should Just Work. -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxg=U%2BVaDjF9SGc-zPHPYm%2BD2f0=oLnq1Brh_EkeVv2HNJA>