From: Brooks Davis
To: "Simon L. Nielsen"
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Date: Thu, 7 Jun 2007 15:03:59 -0500
Subject: Re: cvs commit: ports/security/ca-roots Makefile
Message-ID: <20070607200359.GC6467@lor.one-eyed-alien.net>
In-Reply-To: <20070607194527.GB1193@zaphod.nitro.dk>
References: <200706071941.l57JfFNw026347@repoman.freebsd.org> <20070607194527.GB1193@zaphod.nitro.dk>

On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote:
> On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote:
> > simon 2007-06-07 19:41:15 UTC
> >
> > FreeBSD ports repository
> >
> > Modified files:
> > security/ca-roots Makefile
> > Log:
> > Deprecated and set one month expiration since it's not supported by
> > the FreeBSD Security Officer anymore.
> >
> > The current ca-roots port makes promises with regard to CA verification
> > which the current Security Officer (and deputy) do not want to make.
>
> brooks@ has a new port which has a list of CA's (I think he said it
> was extracted on-the-fly from OpenSSL but I can't recall for sure),
> which will should be committed soonish. This will not be a direct
> replacement for ca-roots wrt. guarantees of the CA's, but can probably
> be used in most cases where ca-roots is used today.

It's actually the set from the Mozilla Project's nss library. If you
use an open source web browser this is the set of CAs you trust by
default. There's a tarball of the current version at:

http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz

It's slightly ugly in that it requires the nss dist file and the mod_ssl
distfile, but it works.

-- Brooks