On 2007.07.06 16:39:18 -0500, Brooks Davis wrote: > On Thu, Jun 07, 2007 at 03:03:59PM -0500, Brooks Davis wrote: > > On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote: > > > On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote: > > > > simon 2007-06-07 19:41:15 UTC > > > > > > > > FreeBSD ports repository > > > > > > > > Modified files: > > > > security/ca-roots Makefile > > > > Log: > > > > Deprecated and set one month expiration since it's not supported by > > > > the FreeBSD Security Officer anymore. > > > > > > > > The current ca-roots port makes promises with regard to CA > > > > verification > > > > which the current Security Officer (and deputy) do not want to make. > > > > > > brooks@ has a new port which has a list of CA's (I think he said it > > > was extracted on-the-fly from OpenSSL but I can't recall for sure), > > > which will should be committed soonish. This will not be a direct > > > replacement for ca-roots wrt. guarantees of the CA's, but can probably > > > be used in most cases where ca-roots is used today. > > > > It's actually the set from the Mozilla Project's nss library. If you > > use an open source web browser this is the set of CAs you trust by > > default. There's a tarball of the current version at: > > > > http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz > > > > It's slighlty ugly in that it requres the nss dist file and the mod_ssl > > distfile, but it works. > > I've committed security/ca_root_nss.
Great, thanks! I plan to remove the ca_root port soonish. -- Simon L. Nielsen _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
