Re: [PATCH] HTTPS/TLS CA certificates in base

To: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Subject: Re: [PATCH] HTTPS/TLS CA certificates in base
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Mon, 21 Aug 2023 06:31:13 -0400

With the certctl patch on the table, I think it will be possible for
anybody who wants to

  install mozilla-rootcerts
  change certctl.conf to point to it

and get what abs@ wants for updates (which is different that everybody
getting it by default).

I am now in the "this is not really different from any other serious
vulnerability in case" camp.

I have long believed that installing any particular release and leaving
it indefinitely is not reasonable.  My own practice is to run the
netbsd-N stable branch and routinely update along the branch every 2
months, which means I am never far out of date and also in a position to
update/build/rsync/update quickly when fixes for serious CVEs appear on
the branch.  So it's the same timeline as updating pkgsrc (update,
pkg_rr, create summary, sync, pkgin) with different steps.

References:
- Re: [PATCH] HTTPS/TLS CA certificates in base
  - From: Taylor R Campbell

Prev by Date: Re: [PATCH] HTTPS/TLS CA certificates in base
Next by Date: [PATCH] HTTPS/TLS CA certificates in base
Previous by Thread: Re: [PATCH] HTTPS/TLS CA certificates in base
Next by Thread: Re: [PATCH] HTTPS/TLS CA certificates in base
Indexes:

Home | Main Index | Thread Index | Old Index