Date: Wed, 2 Sep 2020 07:45:03 -0500 From: Kyle Evans <kevans@freebsd.org> To: Helge Oldach <freebsd@oldach.net> Cc: svn-src-stable-12@freebsd.org Subject: Re: svn commit: r365233 - in stable: 11/secure/caroot/trusted 12/secure/caroot/trusted Message-ID: <CACNAnaG=0E=gjQAJM%2B6NXM8%2B7NtU0mFJtkUU2BEmTpayCu0F_A@mail.gmail.com> In-Reply-To: <202009020626.0826Q38g057727@nuc.oldach.net> References: <202009020135.0821ZkYK085806@repo.freebsd.org> <202009020626.0826Q38g057727@nuc.oldach.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 2, 2020 at 1:26 AM Helge Oldach <freebsd@oldach.net> wrote: > > Hi, > > Kyle Evans wrote on Wed, 02 Sep 2020 03:35:46 +0200 (CEST): > > Author: kevans > > Date: Wed Sep 2 01:35:45 2020 > > New Revision: 365233 > > URL: https://svnweb.freebsd.org/changeset/base/365233 > > > > Log: > > MFC r364943: carrot: update bundle > > > > Stats: > > - Seven (7) removed > > I'm kind of confused by the caroot update process. > > secure/caroot/README states: > > 1) Any no-longer-trusted certificates should be moved to the > blacklisted directory (svn mv) > > Apparently that hasn't happened here. The impact is that during a build > from source and installworld retired certificates will *not* be removed > from the system. IMHO that is kind of a POLA violation, as users need to > manually wipe /usr/share/certs/trusted/ prior to installworld to achieve > the desired result. > > Am I missing something? > Alas, it is not you that is missing something, it is me. :-) You and the instructions are 100% correct; I will fix this posthaste. Thanks, Kyle Evans
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACNAnaG=0E=gjQAJM%2B6NXM8%2B7NtU0mFJtkUU2BEmTpayCu0F_A>