Date:      Sat, 7 Jul 2007 00:42:01 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Brooks Davis <brooks@FreeBSD.org>
Cc:        cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/security/ca-roots Makefile
Message-ID:  <20070706224200.GA37690@zaphod.nitro.dk>
In-Reply-To: <20070706213918.GA69646@lor.one-eyed-alien.net>
References:  <200706071941.l57JfFNw026347@repoman.freebsd.org> <20070607194527.GB1193@zaphod.nitro.dk> <20070607200359.GC6467@lor.one-eyed-alien.net> <20070706213918.GA69646@lor.one-eyed-alien.net>

On 2007.07.06 16:39:18 -0500, Brooks Davis wrote:
> On Thu, Jun 07, 2007 at 03:03:59PM -0500, Brooks Davis wrote:
> > On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote:
> > > On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote:
> > > > simon       2007-06-07 19:41:15 UTC
> > > > 
> > > >   FreeBSD ports repository
> > > > 
> > > >   Modified files:
> > > >     security/ca-roots    Makefile 
> > > >   Log:
> > > >   Deprecated and set one month expiration since it's not supported by
> > > >   the FreeBSD Security Officer anymore.
> > > >   
> > > >   The current ca-roots port makes promises with regard to CA verification
> > > >   which the current Security Officer (and deputy) do not want to make.
> > > 
> > > brooks@ has a new port which has a list of CA's (I think he said it
> > > was extracted on-the-fly from OpenSSL but I can't recall for sure),
> > > which should be committed soonish.  This will not be a direct
> > > replacement for ca-roots wrt. guarantees of the CA's, but can probably
> > > be used in most cases where ca-roots is used today.
> > 
> > It's actually the set from the Mozilla Project's nss library.  If you
> > use an open source web browser this is the set of CAs you trust by
> > default.  There's a tarball of the current version at:
> > 
> > http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz
> > 
> > It's slightly ugly in that it requires the nss dist file and the mod_ssl
> > distfile, but it works.
> 
> I've committed security/ca_root_nss.

Great, thanks!

I plan to remove the ca_root port soonish.

-- 
Simon L. Nielsen


