Re: security/ca-certificates

To: nia <nia%NetBSD.org@localhost>, Greg Troxel <gdt%lexort.com@localhost>, Martin Husemann <martin%duskware.de@localhost>, Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: security/ca-certificates
From: Kimmo Suominen <kim%netbsd.org@localhost>
Date: Sun, 12 Jun 2022 10:27:48 +0300

On Fri, Jun 10, 2022 at 01:09:21PM +0000, nia wrote:
> The problem is the packages where installation has side-effects -
> we don't know how they might clobber things.

I have addressed this in ca-certificates-20211016nb3 by making the
management of the system certificate store configurable, so that it must
be first enabled by the system administrator.

Without explicit configuration created by the system administrator,
installing the package no longer has any side-effects. If you find that
it does, please use send-pr to report it as a bug.

I also inserted additional language (obtained from the upstream package)
in DESCR to hopefully make it even more clear that the CA certs come
from Mozilla `as is' without any additional vetting or assurances by
Debian, NetBSD, or pkgsrc.

Thanks for all the feedback, and kind regards,
+ Kimmo

References:
- Re: security/ca-certificates
  - From: Kimmo Suominen
- Re: security/ca-certificates
  - From: Emmanuel Dreyfus
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: nia
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: Martin Husemann
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: nia
- Re: security/ca-certificates
  - From: Greg Troxel
- Re: security/ca-certificates
  - From: nia

Prev by Date: Re: USE_NCURSES not working in sysutils/htop - CURSES_DEFAULT=ncurses working
Next by Date: Re: CVS commit: pkgsrc/www/firefox
Previous by Thread: Re: security/ca-certificates
Next by Thread: Re: security/ca-certificates
Indexes:

Home | Main Index | Thread Index | Old Index