tech-pkg archive


Re: security/ca-certificates

On Fri, Jun 10, 2022 at 08:07:47AM -0400, Greg Troxel wrote:
> pkgsrc policy so far has been to respect the base system choice of
> whether to pre-configure trust anchors or not.  That means not changing
> things in /etc, and it also means that when pkgsrc installs openssl that
> there aren't configured trust anchors from pkgsrc.

I (and some others) would like it so that no more packages can be
added that fiddle with stuff outside the pkgsrc prefix and VARBASE
without explicit community discussion.

Certainly these packages should not be used on non-NetBSD platforms
and they should be tightly restricted with ONLY_FOR_PLATFORM and
probably some other checks about what exactly they might be
installing to, or overwriting.

I wanted to object to this at the time, but life got in the way.
That's my lesson not to wait before mentioning these things ;)
