tech-pkg archive


Re: security/mozilla-rootcerts and mozilla-rootcerts-openssl

On Fri, Nov 27, 2020 at 11:30:11AM -0500, Greg Troxel wrote:
 > The point of the mozilla-rootcerts-openssl package is to wrap the
 > command behind the package abstraction.  It lets people just put that in
 > a list of packages, instead of having to run commands.  Uninstalling
 > that package should and I think does deconfigure the CAs; if not that's
 > a bug.  Whether anyone "needs" this is a philosophical question, but it
 > seems a number of people do use it.

Yes. In particular, a large part of the point is: the script spews a
gazillion certs into your openssl config. It works this way because
it has to; openssl's config scheme leaves a fair amount to be

With the package, you can remove them again with confidence using

Without, it's at best tedious to clean them out and dangerous if you
miss one, especially if you miss one that got removed by an update.

David A. Holland
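
The cleanup risk described in the message above, as an added example that is not part of the original post or of pkgsrc: a Python audit that lists certificate files in a trust directory which are no longer present in the current root bundle. The directory layout (one PEM file per CA, plus symlinks into the same directory), the function names and the sample data are assumptions.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text):
    """SHA-256 of the DER bytes of every certificate found in pem_text."""
    prints = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def stale_certs(trust_dir, bundle_text):
    """Names of files in trust_dir holding a cert absent from the bundle."""
    wanted = cert_fingerprints(bundle_text)
    stale = []
    for path in sorted(Path(trust_dir).iterdir()):
        if path.is_symlink() or not path.is_file():
            continue  # assumed layout: symlinks point at files in this directory
        if cert_fingerprints(path.read_text(errors="replace")) - wanted:
            stale.append(path.name)
    return stale


def fake_pem(data):
    """Constructed stand-in: PEM armour around arbitrary bytes, not real X.509."""
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(data).decode()
            + "-----END CERTIFICATE-----\n")


def demo():
    """Three CAs were installed; a later bundle update dropped 'ca-b'."""
    certs = {name: fake_pem(name.encode() * 20) for name in ("ca-a", "ca-b", "ca-c")}
    new_bundle = certs["ca-a"] + certs["ca-c"]
    with tempfile.TemporaryDirectory() as tmp:
        for name, pem in certs.items():
            Path(tmp, name + ".pem").write_text(pem)
        return stale_certs(tmp, new_bundle)


if __name__ == "__main__":
    print(demo())
```

Comparing by fingerprint of the decoded bytes rather than by file name means a leftover is found even if it was renamed or re-wrapped.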
