ca-roots expired?

Brooks Davis brooks at freebsd.org
Mon Aug 13 12:44:22 PDT 2007


On Thu, Aug 09, 2007 at 10:04:14AM -0400, Vivek Khera wrote:
> 
>  On Aug 9, 2007, at 2:55 AM, Peter Jeremy wrote:
> 
> > There's a security/ca_root_nss port that installs the root certificate
> > bundle from the Mozilla project.  There are some differences between
> > this set and those installed by the ca-roots port.
> 
>  I found a mkcabundle program at 
>  http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html which 
>  fetches the NSS data via cvs and creates the file locally.
> 
>  The port seems to fetch a lot of source files just to get the data and the 
>  script to convert the data, but has the advantage of the ports 
>  infrastructure letting you know when it needs updating.

I'd prefer not to download the mod_ssl source, but it's unclear if
maintaining a copy of the script in ports would be OK under the license
so I just punted do download the whole thing.  If someone contacts the
original author and gets license clarification (ideally BSD or public
domain) on the script I'd be happy to include it in the ports and save
that download.  I think downloading nss is the right thing to do as it
clearly delegates the trust issues to the Mozilla Project.

-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20070813/3ebd71ec/attachment.pgp


More information about the freebsd-ports mailing list