I was recently pointed to ca-certificates, having missed the addition. I just added a bit to the DESCR, but I wonder if someone who understands could adjust DESCR and README.pkgsrc (yay, not MESSAGE!!) to explain: Is this package really only about OpenSSL? DESCR was written to be broader, and I narrowed DESCR, but there is gnutls, etc. (This is not a requset to extend it, just for precise description.) Does this modify only a base system OpenSSL, or does it sometimes modify pkgsrc OpenSSL? (I know I could read the code, but DESCR should be clear.) The path /etc/ssl is used in README.pkgsrc, and that is perhaps Linuxy or perhaps not NetBSD-ish as NetSBD has /etc/openssl. I wonder then if this works on NetBSD and what path it uses, and if the README.pkgsrc should ahve that substituted or use language that indicates that the default location is meant, even if it's not /etc/ssl. I am more pedantic than many, but it would be nice if the language were more explicit about configuring trust anchors for default validation, rather than "can be used". (It is possible for openssl-using programs to provide their own trust anchor set, but this is rare outside mozilla-land.) This should probably be split into ca-certificates and ca-certificates-install, so that there is a package that follows normal rules and a very small irregular package, similar to mozilla-rootcerts and mozilla-rootcerts-openssl.
Attachment:
signature.asc
Description: PGP signature