Re: Can security/ca_root_nss be retired?

From: Andrea Venturoli <>
Date: Fri, 20 Jan 2023 09:16:41 UTC
On 1/20/23 09:16, Andrea Venturoli wrote:

> Base has single certs in /etc/ssl/certs, where I can add my own private 
> CAs' ones.
> Port provides a single bundled file in
> /usr/local/etc/ssl/cert.pem.

And also  /usr/local/share/certs/ca-root-nss.crt, which is used in other 
cases, overriding the others stores.

So, in the end, there should be agreement on *one* official source of 
certs and that would be ideally used by everything. The port 
could/should populate that, without disrupting local additions.