From owner-freebsd-hackers@FreeBSD.ORG Wed Oct 24 03:47:15 2007 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5BB6616A468; Wed, 24 Oct 2007 03:47:15 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from fallbackmx01.syd.optusnet.com.au (fallbackmx01.syd.optusnet.com.au [211.29.132.93]) by mx1.freebsd.org (Postfix) with ESMTP id BDC5C13C4B3; Wed, 24 Oct 2007 03:47:14 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from mail12.syd.optusnet.com.au (mail12.syd.optusnet.com.au [211.29.132.193]) by fallbackmx01.syd.optusnet.com.au (8.12.11.20060308/8.12.11) with ESMTP id l9NJVoLs012698; Wed, 24 Oct 2007 05:31:50 +1000 Received: from server.vk2pj.dyndns.org (c220-239-20-82.belrs4.nsw.optusnet.com.au [220.239.20.82]) by mail12.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id l9NJVeUX008228 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 Oct 2007 05:31:41 +1000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.1/8.14.1) with ESMTP id l9NJVedJ024424; Wed, 24 Oct 2007 05:31:40 +1000 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.1/8.14.1/Submit) id l9NJVeOG024423; Wed, 24 Oct 2007 05:31:40 +1000 (EST) (envelope-from peter) Date: Wed, 24 Oct 2007 05:31:40 +1000 From: Peter Jeremy To: "David E. Thiel" Message-ID: <20071023193140.GP81509@server.vk2pj.dyndns.org> References: <20071021013917.GB86865@redundancy.redundancy.org> <20071022032819.GE75639@redundancy.redundancy.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IiVenqGWf+H9Y6IX" Content-Disposition: inline In-Reply-To: <20071022032819.GE75639@redundancy.redundancy.org> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.16 (2007-06-09) Cc: freebsd-hackers@freebsd.org, Adrian Chadd Subject: Re: packages, libfetch, and SSL X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Oct 2007 03:47:15 -0000 --IiVenqGWf+H9Y6IX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Oct 21, 2007 at 08:28:19PM -0700, David E. Thiel wrote: >Sounds fine to me - I'll take a closer look at this. I'd still like >to see the root CA certs merged into base so libfetch can be fixed. So would I. >Does anyone object to just using the ones currently provided by the >ca_root_nss port? I would like to have CAcert (www.cacert.org) included. It is not currently in the Mozilla root set but is included in various Linux and other BSD distributions. See http://wiki.cacert.org/wiki/InclusionStatus (which lists FreeBSD on the basis of the now-removed caroot port). I agree that the final decision should be up to the Security team. --=20 Peter --IiVenqGWf+H9Y6IX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHHkwc/opHv/APuIcRAlyvAJ0XkleFL9SKetKnP6AulJO7Fj259gCcCe32 KX1w+yMWWZVly8msSSKiyqM= =EJT4 -----END PGP SIGNATURE----- --IiVenqGWf+H9Y6IX--