tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Architecture neutral packages (mozilla-rootcerts-openssl)
> The real issue remaining is the second elephant: the concept of 161
> trust anchors, the compromise of any one of which compromises the
> system, being sound is just too much to believe.
Let me offer a contrarian view for this.
Personally, I don’t care about the number of trust anchors, or audit them by hand. I have never done so 15+ years of NetBSD. On the other hand, the lack of a default set of root certs has been a near-constant source of annoyance.
I can understand not wanting to install root certificates by default. But what I would like is a simple way to do that during installation. Perhaps the installer could ask „Do you want to install a set of root certificates?“ and people like me could just answer yes. Those that want to audit the certs could just skip this step.
NetBSD is the only OS I regularly use that comes without a set of root certificates by default. All Linux distros have them. People that set up CI systems, VMs, laptops, etc. generally expect them to be there.
—
Benny
Home |
Main Index |
Thread Index |
Old Index