From owner-cvs-all@FreeBSD.ORG Fri Jul 6 21:39:08 2007 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4E87C16A4D5; Fri, 6 Jul 2007 21:39:08 +0000 (UTC) (envelope-from brooks@lor.one-eyed-alien.net) Received: from lor.one-eyed-alien.net (grnl-static-02-0046.dsl.iowatelecom.net [69.66.56.110]) by mx1.freebsd.org (Postfix) with ESMTP id C55E213C45B; Fri, 6 Jul 2007 21:39:07 +0000 (UTC) (envelope-from brooks@lor.one-eyed-alien.net) Received: from lor.one-eyed-alien.net (localhost [127.0.0.1]) by lor.one-eyed-alien.net (8.13.8/8.13.8) with ESMTP id l66LdIju069700; Fri, 6 Jul 2007 16:39:18 -0500 (CDT) (envelope-from brooks@lor.one-eyed-alien.net) Received: (from brooks@localhost) by lor.one-eyed-alien.net (8.13.8/8.13.8/Submit) id l66LdIsF069699; Fri, 6 Jul 2007 16:39:18 -0500 (CDT) (envelope-from brooks) Date: Fri, 6 Jul 2007 16:39:18 -0500 From: Brooks Davis To: Brooks Davis Message-ID: <20070706213918.GA69646@lor.one-eyed-alien.net> References: <200706071941.l57JfFNw026347@repoman.freebsd.org> <20070607194527.GB1193@zaphod.nitro.dk> <20070607200359.GC6467@lor.one-eyed-alien.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="C7zPtVaVf+AK4Oqc" Content-Disposition: inline In-Reply-To: <20070607200359.GC6467@lor.one-eyed-alien.net> User-Agent: Mutt/1.5.15 (2007-04-06) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (lor.one-eyed-alien.net [127.0.0.1]); Fri, 06 Jul 2007 16:39:18 -0500 (CDT) Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, "Simon L. Nielsen" , ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/ca-roots Makefile X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jul 2007 21:39:08 -0000 --C7zPtVaVf+AK4Oqc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 07, 2007 at 03:03:59PM -0500, Brooks Davis wrote: > On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote: > > On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote: > > > simon 2007-06-07 19:41:15 UTC > > >=20 > > > FreeBSD ports repository > > >=20 > > > Modified files: > > > security/ca-roots Makefile=20 > > > Log: > > > Deprecated and set one month expiration since it's not supported by > > > the FreeBSD Security Officer anymore. > > > =20 > > > The current ca-roots port makes promises with regard to CA verifica= tion > > > which the current Security Officer (and deputy) do not want to make. > >=20 > > brooks@ has a new port which has a list of CA's (I think he said it > > was extracted on-the-fly from OpenSSL but I can't recall for sure), > > which will should be committed soonish. This will not be a direct > > replacement for ca-roots wrt. guarantees of the CA's, but can probably > > be used in most cases where ca-roots is used today. >=20 > It's actually the set from the Mozilla Project's nss library. If you > use an open source web browser this is the set of CAs you trust by > default. There's a tarball of the current version at: >=20 > http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz >=20 > It's slighlty ugly in that it requres the nss dist file and the mod_ssl > distfile, but it works. I've committed security/ca_root_nss. -- Brooks --C7zPtVaVf+AK4Oqc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFGjraFXY6L6fI4GtQRAkT4AKC3Wx+UB+mDXyQu4Ry8WM9JlAaqvACeKmw1 bbsj+QTsegncjeatIziQUFE= =HdPL -----END PGP SIGNATURE----- --C7zPtVaVf+AK4Oqc--