On Tue, Apr 23, 2024 at 03:17:14PM +0100, David Brownlee wrote: > However, while better checking of trust anchors is a better end state > - assuming I am understanding the situation correctly: in an > effectively unannounced change, pkgin on a -9 system without either > security/mozilla-rootcerts-openssl installed or /etc/openssl will now > just fail, including any attempt to install mozilla-rootcerts-openssl > to resolve.
Only if the binary pkgs repository URL was using https. Default setup used to be http: > This requires manual intervention to set an environment variable to > allow mozilla-rootcerts-openssl to be installed, or otherwise setup > /etc/openssl. That would appear to be an unhelpful change, to the > extent that I would propose pkgin on netbsd < 10 might be better to > default to disabling checking trust anchors (with a warning). Edit the URL, install mozilla-rootcerts-openssl, change the URL back. Martin
