Date: Fri, 6 Jul 2007 16:39:18 -0500 From: Brooks Davis <brooks@FreeBSD.org> To: Brooks Davis <brooks@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, "Simon L. Nielsen" <simon@FreeBSD.org>, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/ca-roots Makefile Message-ID: <20070706213918.GA69646@lor.one-eyed-alien.net> In-Reply-To: <20070607200359.GC6467@lor.one-eyed-alien.net> References: <200706071941.l57JfFNw026347@repoman.freebsd.org> <20070607194527.GB1193@zaphod.nitro.dk> <20070607200359.GC6467@lor.one-eyed-alien.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--C7zPtVaVf+AK4Oqc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 07, 2007 at 03:03:59PM -0500, Brooks Davis wrote: > On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote: > > On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote: > > > simon 2007-06-07 19:41:15 UTC > > >=20 > > > FreeBSD ports repository > > >=20 > > > Modified files: > > > security/ca-roots Makefile=20 > > > Log: > > > Deprecated and set one month expiration since it's not supported by > > > the FreeBSD Security Officer anymore. > > > =20 > > > The current ca-roots port makes promises with regard to CA verifica= tion > > > which the current Security Officer (and deputy) do not want to make. > >=20 > > brooks@ has a new port which has a list of CA's (I think he said it > > was extracted on-the-fly from OpenSSL but I can't recall for sure), > > which will should be committed soonish. This will not be a direct > > replacement for ca-roots wrt. guarantees of the CA's, but can probably > > be used in most cases where ca-roots is used today. >=20 > It's actually the set from the Mozilla Project's nss library. If you > use an open source web browser this is the set of CAs you trust by > default. There's a tarball of the current version at: >=20 > http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz >=20 > It's slighlty ugly in that it requres the nss dist file and the mod_ssl > distfile, but it works. I've committed security/ca_root_nss. -- Brooks --C7zPtVaVf+AK4Oqc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFGjraFXY6L6fI4GtQRAkT4AKC3Wx+UB+mDXyQu4Ry8WM9JlAaqvACeKmw1 bbsj+QTsegncjeatIziQUFE= =HdPL -----END PGP SIGNATURE----- --C7zPtVaVf+AK4Oqc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070706213918.GA69646>