Re: security/ca-certificates

[nia <nia%NetBSD.org@localhost>]

On Wed, Jun 08, 2022 at 07:57:31PM -0400, Greg Troxel wrote:
> 
> Emmanuel Dreyfus <manu%netbsd.org@localhost> writes:
> 
> > On Wed, Jun 08, 2022 at 07:24:36PM +0300, Kimmo Suominen wrote:
> >> I respectfully object to removing ca-certificates, as it is the only
> >> available package for managing certificates on NetBSD for the system
> >> OpenSSL in a way that allows using multiple sources, including local
> >> CAs.
> >
> > Nobody is mandated to install a package, therefore the biggest
> > problem would be the package name which is said to compell installation
> > too much. Perhaps renaming would make everybodu happy?
> 
> It might also be reasonable to consider adding ca-certificates-openssl
> that installs to the active openssl etcdir, and having ca-certificates
> just install someplace where they could be used.  That way there's be
> parallel structure with mozilla-rootcerts.

It also means more ambiguity and mess... I would really like it if there
was simply _one_ way to get certificates and we could properly document
it in places like the pkgsrc guide. These discussions so far are
completely irrelevant to anyone using pkgsrc on platforms other
than NetBSD as well...

These certs are from Debian, but nowhere does it actually say this
unless you read the Makefile.