tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: security/ca-certificates

On Fri, Jun 10, 2022 at 01:09:21PM +0000, nia wrote:
> The problem is the packages where installation has side-effects -
> we don't know how they might clobber things.

I have addressed this in ca-certificates-20211016nb3 by making the
management of the system certificate store configurable, so that it must
be first enabled by the system administrator.

Without explicit configuration created by the system administrator,
installing the package no longer has any side-effects. If you find that
it does, please use send-pr to report it as a bug.

I also inserted additional language (obtained from the upstream package)
in DESCR to hopefully make it even more clear that the CA certs come
from Mozilla `as is' without any additional vetting or assurances by
Debian, NetBSD, or pkgsrc.

Thanks for all the feedback, and kind regards,
+ Kimmo

Home | Main Index | Thread Index | Old Index