Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp

To: Christos Zoulas <christos%zoulas.com@localhost>
Subject: Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp
From: Martin Husemann <martin%duskware.de@localhost>
Date: Fri, 2 Sep 2022 17:32:17 +0200

On Fri, Sep 02, 2022 at 06:23:48PM +0300, Christos Zoulas wrote:
> I think we should be installing the anchors by default. I also think
> that people think that https gets validated by default.

I agree. The problem is that we need to suply anchors now with new
installations and have a way to keep them updated (and optionaly disabled).

Could be something easy like using the mozilla root certs from last quarters
pkgsrc branch, downloadable from some well known NetBSD.org URL.

Either the original bin pkg and a (special) base system script to unpack
and update (w/o pkg_add and architecture check), or some automatic
magic on the server side to rebundle them in the format expected by the
update script on the client side.

And some local overrides (as we usually have with this kind of tools) to
get a different bundle from a local URL or disable the whole update.

Martin

Follow-Ups:
- Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp
  - From: Greg Troxel
- Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp
  - From: Pierre-Philipp Braun

References:
- [Christos Zoulas] CVS commit: src/usr.bin/ftp
  - From: Greg Troxel
- Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp
  - From: Christos Zoulas

Prev by Date: Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp
Next by Date: grep -r: add default "."
Previous by Thread: Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp
Next by Thread: Re: [Christos Zoulas] CVS commit: src/usr.bin/ftp
Indexes:

Home | Main Index | Thread Index | Old Index