Date: Thu, 3 Jul 2014 19:35:55 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: d@delphij.net Cc: Ben Laurie <benl@freebsd.org>, freebsd-security@freebsd.org, re <re@freebsd.org>, Jung-uk Kim <jkim@freebsd.org>, gecko@freebsd.org Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default? Message-ID: <20140704023555.GT45513@funkthat.com> In-Reply-To: <53B499B1.4090003@delphij.net> References: <53B499B1.4090003@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Xin Li wrote this message on Wed, Jul 02, 2014 at 16:45 -0700:
> 1. Import a set of trusted root certificates, and install if
> MK_OPENSSL is yes, to /usr/share/misc/ca-root-freebsd.pem;
My only comment on this is that we (committers) or -core needs to decide
how certs are added/removed... If it's mirror mozzila's cert repo, then
that's fine, but if we don't have a policy, what will we do when other
CA's contact someone at FreeBSD wanting to get their cert included by
default?
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140704023555.GT45513>