cvs commit: ports/security/ca-roots Makefile
Brooks Davis
brooks at FreeBSD.org
Fri Jul 6 21:39:08 UTC 2007
On Thu, Jun 07, 2007 at 03:03:59PM -0500, Brooks Davis wrote:
> On Thu, Jun 07, 2007 at 09:45:28PM +0200, Simon L. Nielsen wrote:
> > On 2007.06.07 19:41:15 +0000, Simon L. Nielsen wrote:
> > > simon 2007-06-07 19:41:15 UTC
> > >
> > > FreeBSD ports repository
> > >
> > > Modified files:
> > > security/ca-roots Makefile
> > > Log:
> > > Deprecated and set one month expiration since it's not supported by
> > > the FreeBSD Security Officer anymore.
> > >
> > > The current ca-roots port makes promises with regard to CA verification
> > > which the current Security Officer (and deputy) do not want to make.
> >
> > brooks@ has a new port which has a list of CA's (I think he said it
> > was extracted on-the-fly from OpenSSL but I can't recall for sure),
> > which will should be committed soonish. This will not be a direct
> > replacement for ca-roots wrt. guarantees of the CA's, but can probably
> > be used in most cases where ca-roots is used today.
>
> It's actually the set from the Mozilla Project's nss library. If you
> use an open source web browser this is the set of CAs you trust by
> default. There's a tarball of the current version at:
>
> http://people.freebsd.org/~brooks/ports/ca_root_nss.tar.gz
>
> It's slighlty ugly in that it requres the nss dist file and the mod_ssl
> distfile, but it works.
I've committed security/ca_root_nss.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-ports/attachments/20070706/f381beaf/attachment.pgp
More information about the cvs-ports
mailing list