Re: CA's TLS Certificate Bundle in base = BAD

From: Roger Marquis <marquis_at_roble.com>
Date: Wed, 07 Dec 2022 21:06:06 UTC
After running a 12.4 installworld found TrustCor certs had been
reinstalled.  Out of curiosity, were these known bad certificates
intentionally left in RELEASE?  If so it does appear we could use a
ports-based solution.  At this point all the port would need to do is
periodically "rm /usr/share/certs/trusted/TrustCor*" but there's sure to
be room for options to better harden PKI.

Roger Marquis