coypu%sdf.org@localhost writes: > It is currently useful and intended for people who use non-pkgsrc > (builtin) SSL libraries and want to get a set of well-managed CAs. > > It could probably be smarter, or pkgsrc openssl can be taught to look > at system-wide CAs too, if it doesn't. > (I feel like for root CA choices, people will likely prefer system-wide > settings to be respected by default). Good points. But I wonder if the right thing is for mozilla-rootcerts to modify pkgsrc openssl, if that was depended on at build time, vs system openssl, if that was depended on. More or less, to operate on the openssl used by pkgsrc. Or perhaps both, but that feels icky.
Attachment:
signature.asc
Description: PGP signature