On Fri, 20 Jan 2023 17:54:15 +0100 (CET)
free...@oldach.net (Helge Oldach) wrote:
> Michael Gmelin wrote on Fri, 20 Jan 2023 17:31:43 +0100 (CET):
> > The CA_BUNDLE knob was enabled on ftp/curl by default for many years
> > and was just recently disabled (in c63a8f65af, just in time for
> > 2023Q1), which caused fall-out, e.g.:
> > https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/050433.html
> >
>
> That was changed accidentally and is reverted, so the case is
> irrelevant in the light of this discussion.
>
The disabling of CA_BUNDLE served as an example (hence "e.g., the
removal...").
My point is that the change should be done in a way that gives users a
chance to avoid breakage/unpleasant surprises.
By the way, I noticed that fetch(1)[0] and fetch(3) man pages should
probably be updated to reflect having CA certs in base (and definitely
stop recommending the installation of ca_root_nss). I'll take care
of that soonish.
Cheers
[0]https://cgit.freebsd.org/src/tree/usr.bin/fetch/fetch.1
--
Michael Gmelin
