Date: Thu, 30 Apr 2020 14:38:56 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r360495 - in stable: 11 12 Message-ID: <202004301438.03UEcuDl047224@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Thu Apr 30 14:38:55 2020 New Revision: 360495 URL: https://svnweb.freebsd.org/changeset/base/360495 Log: MFC r355423: UPDATING: Add [less] long-belated note about certs in base While the interaction between this and the ETCSYMLINK option of security/ca_root_nss isn't necessarily fatal, one should be aware and attempt to understand the ramifications of mixing the two. ports-secteam will be contacted to discuss the default option for branches where certs are being included in base. Modified: stable/11/UPDATING Directory Properties: stable/11/ (props changed) Changes in other areas also in this revision: Modified: stable/12/UPDATING Directory Properties: stable/12/ (props changed) Modified: stable/11/UPDATING ============================================================================== --- stable/11/UPDATING Thu Apr 30 13:48:58 2020 (r360494) +++ stable/11/UPDATING Thu Apr 30 14:38:55 2020 (r360495) @@ -16,6 +16,16 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20200430: + The root certificates of the Mozilla CA Certificate Store have been + imported into the base system and can be managed with the certctl(8) + utility. If you have installed the security/ca_root_nss port or package + with the ETCSYMLINK option (the default), be advised that there may be + differences between those included in the port and those included in + base due to differences in nss branch used as well as general update + frequency. Note also that certctl(8) cannot manage certs in the + format used by the security/ca_root_nss port. + 20190913: ntpd no longer by default locks its pages in memory, allowing them to be paged out by the kernel. Use rlimit memlock to restore
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004301438.03UEcuDl047224>