Date: Sun, 17 Jul 2022 07:05:21 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 265250] ports-mgmt/portmaster -F does not suppress build of depends (for sysutils/restic, for one) Message-ID: <bug-265250-7788-Knu9UVw7Vi@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-265250-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-265250-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D265250 --- Comment #9 from Stefan E=C3=9Fer <se@FreeBSD.org> --- (In reply to Tatsuki Makino from comment #8) > These days, it seems that several root certificates are installed in the = base just like any other OS. > They are located in /usr/share/certs. > But I don't know if they are used when fetching distfile. Yes, and I had missed the fact that you specifically mentioned fetching distfiles from https URLs. The root certificates in the base system are used by "fetch" (it uses the default OpenSSL certificate path, unless a different path is requested by m= eans of the --ca-path option or the SSL_CA_CERT_PATH environment variable). I'd be surprised if ca_root_nss was required to fetch and distfile, today. The ca_root_nss port is required to provide Firefox and Thunderbird with the set of root certificates selected by these projects, but should not be depe= nded on for fetching distfiles, IMHO. There is a risk of the root certificates in the base system becoming stale = on systems that are not updated for a long time, though. I have not checked whether the root certificates in base of the currently maintained FreeBSD releases always cover the time until the expected EOL da= te of the respective FreeBSD release - this might be a useful step in the rele= ase process, and a warning should be issued if such root certificates become invalid during the life time of a release. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-265250-7788-Knu9UVw7Vi>