Re: Depending on security/ca-certificates?

To: pkgsrc-users <pkgsrc-users%netbsd.org@localhost>
Subject: Re: Depending on security/ca-certificates?
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Tue, 20 Jul 2021 16:17:06 +0200

On Tue, Jul 20, 2021 at 09:24:54AM -0400, Greg Troxel wrote:
>   I'm fuzzy on this, but: NetBSD base systems tend not to get updated
>   very fast, and it used to be that people thought that the mozilla root
>   set needed timely updates.  That leads to either wanting to push this
>   out of base or to have some update mechanisms like pkg-vulnerabilties.
>   It may be that this is not really a big issue; I think CAs get kicked
>   out of the mozilla set rarely.

The mozilla set of trust anchors doesn't change that often. Chances are
if you don't update your system between two changes of the CA set, you
already have security vulnerabilities anyway.

Joerg

References:
- Depending on security/ca-certificates?
  - From: Michael-John Turner
- Re: Depending on security/ca-certificates?
  - From: Greg Troxel
- Re: Depending on security/ca-certificates?
  - From: Michael-John Turner
- Re: Depending on security/ca-certificates?
  - From: Greg Troxel

Prev by Date: Re: Depending on security/ca-certificates?
Next by Date: Re: Depending on security/ca-certificates?
Previous by Thread: Re: Depending on security/ca-certificates?
Next by Thread: Re: Depending on security/ca-certificates?
Indexes:

Home | Main Index | Thread Index | Old Index