tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Does mozilla-rootcerts-openssl need to be unconditionally NOT_FOR_UNPRIVILEGED?
Jason Bacon <outpaddling%yahoo.com@localhost> writes:
> If we're going to adhere to that policy at the expense of common tools
> not working out-of-the-box, maybe there's something else we can do for
> curl users like patch in a user-friendly message stating that it's a
> security policy and suggesting mozilla-rootcerts-openssl when this
> type of failure occurs.
"working" and "good security properties" are two different things, and
different people have difference opinions.
If you want to bring up on tech-pkg that pkgsrc should by default force
the mozilla root certs to be installed whenever *any package* that uses
openssl is installed, we can have that discussion. I think it's got to
be either "this is the pkgsrc way" or "this is not the pkgsrc way" for
automatic (with a user tunable since obviously if we change not
everybody is ok with that), and that "I installed R and now my trust
anchors have changed" is madness (for any value of R :-).
Home |
Main Index |
Thread Index |
Old Index