CVS commit: pkgsrc/security/ca-certificates

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/ca-certificates
From: "Greg Troxel" <gdt%netbsd.org@localhost>
Date: Fri, 10 Jun 2022 13:14:10 +0000

Module Name:    pkgsrc
Committed By:   gdt
Date:           Fri Jun 10 13:14:10 UTC 2022

Modified Files:
        pkgsrc/security/ca-certificates: DESCR

Log Message:
security/ca-certificates: Clarify and adjust language

Point out that this is from Debian and that Debian's policy is unclear
(it's not on HOMEPAGE at least; they probably do have one).

Note that modification outside of the package's files is either to
base or to pkgsrc openssl.

Clarify that there's a supported way to exclude particular certs as
trust anchors.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/ca-certificates/DESCR

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/ca-certificates/DESCR
diff -u pkgsrc/security/ca-certificates/DESCR:1.3 pkgsrc/security/ca-certificates/DESCR:1.4
--- pkgsrc/security/ca-certificates/DESCR:1.3   Tue Jul 20 12:59:06 2021
+++ pkgsrc/security/ca-certificates/DESCR       Fri Jun 10 13:14:10 2022
@@ -1,12 +1,20 @@
-This package provides the certificates distributed by the Mozilla
-Project and will, by default, install certificates trusted by the
-Mozilla Project in the system OpenSSL certificate store.  Modification
-of system configuration files is very irregular as pkgsrc should not
-write anything outside of ${PREFIX}.
+This package provides the root certificates distributed by the Mozilla
+Project as curated by Debian in their package of the same name, along
+with tools to manage the set of configured trust anchors for openssl.
 
-The sysadmin can configure the list of trusted certificates and also
-add local certificates as needed by editing ca-certificates.conf and
-re-running update-ca-certificates.
+\todo Explain if Debian adds or removes, or if this is exactly the
+same set.
+
+NB: Installing this package will modify the configuration of the
+openssl implementation used by pkgsrc, which is either the base system
+openssl or pkgsrc openssl.  The modification is configuring every
+certificate as a trust anchor.  Modification of system configuration
+files is very irregular as pkgsrc should not write anything outside of
+${PREFIX}.
+
+The sysadmin can exclude CA certificates from the list of trust
+anchors and also add local certificates as configured trust anchors by
+editing ca-certificates.conf and re-running update-ca-certificates.
 
 See also the mozilla-rootcerts and mozilla-rootcerts-openssl packages
 for an alternative approach.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/bootstrap
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/bootstrap
Indexes:

Home | Main Index | Thread Index | Old Index