From owner-freebsd-ports@FreeBSD.ORG Mon Aug 13 19:44:22 2007 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ADF8A16A417 for ; Mon, 13 Aug 2007 19:44:22 +0000 (UTC) (envelope-from brooks@lor.one-eyed-alien.net) Received: from lor.one-eyed-alien.net (cl-162.ewr-01.us.sixxs.net [IPv6:2001:4830:1200:a1::2]) by mx1.freebsd.org (Postfix) with ESMTP id 3407E13C442 for ; Mon, 13 Aug 2007 19:44:22 +0000 (UTC) (envelope-from brooks@lor.one-eyed-alien.net) Received: from lor.one-eyed-alien.net (localhost [127.0.0.1]) by lor.one-eyed-alien.net (8.13.8/8.13.8) with ESMTP id l7DJiK59079343; Mon, 13 Aug 2007 14:44:20 -0500 (CDT) (envelope-from brooks@lor.one-eyed-alien.net) Received: (from brooks@localhost) by lor.one-eyed-alien.net (8.13.8/8.13.8/Submit) id l7DJiKHH079342; Mon, 13 Aug 2007 14:44:20 -0500 (CDT) (envelope-from brooks) Date: Mon, 13 Aug 2007 14:44:20 -0500 From: Brooks Davis To: Vivek Khera Message-ID: <20070813194420.GA76135@lor.one-eyed-alien.net> References: <20070809101402.B98213@obelix.home.rakhesh.com> <20070809065503.GI1244@turion.vk2pj.dyndns.org> <8F9EDD82-0747-4DE2-825D-EE70470BBFAD@khera.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU" Content-Disposition: inline In-Reply-To: <8F9EDD82-0747-4DE2-825D-EE70470BBFAD@khera.org> User-Agent: Mutt/1.5.15 (2007-04-06) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (lor.one-eyed-alien.net [127.0.0.1]); Mon, 13 Aug 2007 14:44:21 -0500 (CDT) Cc: freebsd ports Subject: Re: ca-roots expired? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Aug 2007 19:44:22 -0000 --EeQfGwPcQSOJBaQU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 09, 2007 at 10:04:14AM -0400, Vivek Khera wrote: >=20 > On Aug 9, 2007, at 2:55 AM, Peter Jeremy wrote: >=20 > > There's a security/ca_root_nss port that installs the root certificate > > bundle from the Mozilla project. There are some differences between > > this set and those installed by the ca-roots port. >=20 > I found a mkcabundle program at=20 > http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html which= =20 > fetches the NSS data via cvs and creates the file locally. >=20 > The port seems to fetch a lot of source files just to get the data and t= he=20 > script to convert the data, but has the advantage of the ports=20 > infrastructure letting you know when it needs updating. I'd prefer not to download the mod_ssl source, but it's unclear if maintaining a copy of the script in ports would be OK under the license so I just punted do download the whole thing. If someone contacts the original author and gets license clarification (ideally BSD or public domain) on the script I'd be happy to include it in the ports and save that download. I think downloading nss is the right thing to do as it clearly delegates the trust issues to the Mozilla Project. -- Brooks --EeQfGwPcQSOJBaQU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFGwLSTXY6L6fI4GtQRAgWXAJkBA6n82W6qCg76+fbeARAF1htCRwCghuBv Obhnsne6MBUZkiMfo7DL2vo= =NdYV -----END PGP SIGNATURE----- --EeQfGwPcQSOJBaQU--