Date: Thu, 7 Jun 2007 15:03:59 -0500 From: Brooks Davis <brooks@FreeBSD.org> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/ca-roots Makefile Message-ID: <20070607200359.GC6467@lor.one-eyed-alien.net> In-Reply-To: <20070607194527.GB1193@zaphod.nitro.dk> References: <200706071941.l57JfFNw026347@repoman.freebsd.org> <20070607194527.GB1193@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
--mvpLiMfbWzRoNl4x Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote: > On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote: > > simon 2007-06-07 19:41:15 UTC > >=20 > > FreeBSD ports repository > >=20 > > Modified files: > > security/ca-roots Makefile=20 > > Log: > > Deprecated and set one month expiration since it's not supported by > > the FreeBSD Security Officer anymore. > > =20 > > The current ca-roots port makes promises with regard to CA verificati= on > > which the current Security Officer (and deputy) do not want to make. >=20 > brooks@ has a new port which has a list of CA's (I think he said it > was extracted on-the-fly from OpenSSL but I can't recall for sure), > which will should be committed soonish. This will not be a direct > replacement for ca-roots wrt. guarantees of the CA's, but can probably > be used in most cases where ca-roots is used today. It's actually the set from the Mozilla Project's nss library. If you use an open source web browser this is the set of CAs you trust by default. There's a tarball of the current version at: http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz It's slighlty ugly in that it requres the nss dist file and the mod_ssl distfile, but it works. -- Brooks --mvpLiMfbWzRoNl4x Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFGaGSvXY6L6fI4GtQRAnu3AKCz7yyFG+uOl/5LPBa1uhg2J0o8iwCeP8K/ 8oR5bC5MkGCrDph8dUZVcR8= =jusT -----END PGP SIGNATURE----- --mvpLiMfbWzRoNl4x--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070607200359.GC6467>