svn commit: r365233 - in stable: 11/secure/caroot/trusted 12/secure/caroot/trusted
Kyle Evans
kevans at freebsd.org
Wed Sep 2 12:45:15 UTC 2020
On Wed, Sep 2, 2020 at 1:26 AM Helge Oldach <freebsd at oldach.net> wrote:
>
> Hi,
>
> Kyle Evans wrote on Wed, 02 Sep 2020 03:35:46 +0200 (CEST):
> > Author: kevans
> > Date: Wed Sep 2 01:35:45 2020
> > New Revision: 365233
> > URL: https://svnweb.freebsd.org/changeset/base/365233
> >
> > Log:
> > MFC r364943: carrot: update bundle
> >
> > Stats:
> > - Seven (7) removed
>
> I'm kind of confused by the caroot update process.
>
> secure/caroot/README states:
>
> 1) Any no-longer-trusted certificates should be moved to the
> blacklisted directory (svn mv)
>
> Apparently that hasn't happened here. The impact is that during a build
> from source and installworld retired certificates will *not* be removed
> from the system. IMHO that is kind of a POLA violation, as users need to
> manually wipe /usr/share/certs/trusted/ prior to installworld to achieve
> the desired result.
>
> Am I missing something?
>
Alas, it is not you that is missing something, it is me. :-)
You and the instructions are 100% correct; I will fix this posthaste.
Thanks,
Kyle Evans
More information about the svn-src-stable-12
mailing list