pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Depending on security/ca-certificates?

On Tue, Jul 20, 2021 at 09:24:54AM -0400, Greg Troxel wrote:
>   I'm fuzzy on this, but: NetBSD base systems tend not to get updated
>   very fast, and it used to be that people thought that the mozilla root
>   set needed timely updates.  That leads to either wanting to push this
>   out of base or to have some update mechanisms like pkg-vulnerabilties.
>   It may be that this is not really a big issue; I think CAs get kicked
>   out of the mozilla set rarely.

The mozilla set of trust anchors doesn't change that often. Chances are
if you don't update your system between two changes of the CA set, you
already have security vulnerabilities anyway.


Home | Main Index | Thread Index | Old Index