Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Apr 2020 14:38:56 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r360495 - in stable: 11 12
Message-ID:  <202004301438.03UEcuDl047224@repo.freebsd.org>
index | next in thread | raw e-mail 

Author: kevans
Date: Thu Apr 30 14:38:55 2020
New Revision: 360495
URL: https://svnweb.freebsd.org/changeset/base/360495

Log:
  MFC r355423: UPDATING: Add [less] long-belated note about certs in base
  
  While the interaction between this and the ETCSYMLINK option of
  security/ca_root_nss isn't necessarily fatal, one should be aware and
  attempt to understand the ramifications of mixing the two.
  
  ports-secteam will be contacted to discuss the default option for branches
  where certs are being included in base.

Modified:
  stable/11/UPDATING
Directory Properties:
  stable/11/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/12/UPDATING
Directory Properties:
  stable/12/   (props changed)

Modified: stable/11/UPDATING
==============================================================================
--- stable/11/UPDATING	Thu Apr 30 13:48:58 2020	(r360494)
+++ stable/11/UPDATING	Thu Apr 30 14:38:55 2020	(r360495)
@@ -16,6 +16,16 @@ from older versions of FreeBSD, try WITHOUT_CLANG and 
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.
 
+20200430:
+	The root certificates of the Mozilla CA Certificate Store have been
+	imported into the base system and can be managed with the certctl(8)
+	utility.  If you have installed the security/ca_root_nss port or package
+	with the ETCSYMLINK option (the default), be advised that there may be
+	differences between those included in the port and those included in
+	base due to differences in nss branch used as well as general update
+	frequency.  Note also that certctl(8) cannot manage certs in the
+	format used by the security/ca_root_nss port.
+
 20190913:
 	ntpd no longer by default locks its pages in memory, allowing them
 	to be paged out by the kernel. Use rlimit memlock to restore
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004301438.03UEcuDl047224>