Re: security/ca-certificates

To: Greg Troxel <gdt%lexort.com@localhost>
Subject: Re: security/ca-certificates
From: nia <nia%NetBSD.org@localhost>
Date: Fri, 10 Jun 2022 12:29:33 +0000

On Fri, Jun 10, 2022 at 08:07:47AM -0400, Greg Troxel wrote:
> pkgsrc policy so far has been to respect the base system choice of
> whether to pre-configure trust anchors or not.  That means not changing
> things in /etc, and it also means that when pkgsrc installs openssl that
> there aren't configured trust anchors from pkgsrc.

I (and some others) would like it so that no more packages can be
added that fiddle with stuff outside the pkgsrc prefix and VARBASE
without explicit community discussion.

Certainly these packages should not be used on non-NetBSD platforms
and they should be tightly restricted with ONLY_FOR_PLATFORM and
probably some other checks about what exactly they might be
installing to, or overwriting.

I wanted to object to this at the time, but life got in the way.
That's my lesson not to wait before mentioning these things ;)

Follow-Ups:
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: Greg Troxel

References:
- security/ca-certificates
  - From: nia
- Re: security/ca-certificates
  - From: Kimmo Suominen
- Re: security/ca-certificates
  - From: Emmanuel Dreyfus
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: nia
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: Martin Husemann
- Re: security/ca-certificates
  - From: Greg Troxel

Prev by Date: Re: security/ca-certificates
Next by Date: Re: security/ca-certificates
Previous by Thread: Re: security/ca-certificates
Next by Thread: Re: security/ca-certificates
Indexes:

Home | Main Index | Thread Index | Old Index