From: "Poul-Henning Kamp"
To: Eitan Adler
Cc: d@delphij.net, Ben Laurie, gecko@freebsd.org, Bryan Drewery, freebsd-security@freebsd.org, Jung-uk Kim, FreeBSD Ports Management Team, re, Jonathan Anderson
Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?
Date: Thu, 03 Jul 2014 15:30:16 +0000
Message-ID: <99544.1404401416@critter.freebsd.dk>

In message , Eitan Adler writes:
>On 3 July 2014 07:57, Jonathan Anderson wrote:
>> Just my $.02, but if the FreeBSD project is to maintain a
>> ca-root-freebsd.pem, I think it should have one certificate in it: the root
>> FreeBSD Project cert. Beyond that, I'm not willing to vouch for the
>> trustworthiness of any CA, and I don't think the Project should either.

I think this makes a lot of sense: FreeBSD is not in the trust-business
and has no benefit from trying to enter it.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.