From owner-cvs-all@FreeBSD.ORG Thu Jun 7 19:45:30 2007 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 18F6A16A46B; Thu, 7 Jun 2007 19:45:30 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id C52C313C46A; Thu, 7 Jun 2007 19:45:29 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 4CBF22D4F63; Thu, 7 Jun 2007 19:45:28 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 3BC2911457; Thu, 7 Jun 2007 21:45:28 +0200 (CEST) Date: Thu, 7 Jun 2007 21:45:28 +0200 From: "Simon L. Nielsen" To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Message-ID: <20070607194527.GB1193@zaphod.nitro.dk> References: <200706071941.l57JfFNw026347@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200706071941.l57JfFNw026347@repoman.freebsd.org> User-Agent: Mutt/1.5.15 (2007-04-06) Cc: Subject: Re: cvs commit: ports/security/ca-roots Makefile X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jun 2007 19:45:30 -0000 On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote: > simon 2007-06-07 19:41:15 UTC > > FreeBSD ports repository > > Modified files: > security/ca-roots Makefile > Log: > Deprecated and set one month expiration since it's not supported by > the FreeBSD Security Officer anymore. > > The current ca-roots port makes promises with regard to CA verification > which the current Security Officer (and deputy) do not want to make. brooks@ has a new port which has a list of CA's (I think he said it was extracted on-the-fly from OpenSSL but I can't recall for sure), which will should be committed soonish. This will not be a direct replacement for ca-roots wrt. guarantees of the CA's, but can probably be used in most cases where ca-roots is used today. -- Simon L. Nielsen