RFC: Proposal: Install a /etc/ssl/cert.pem by default?
Eitan Adler
lists at eitanadler.com
Fri Jul 4 01:13:15 UTC 2014
On 3 July 2014 18:03, Jonathan Anderson <jonathan at freebsd.org> wrote:
> Put another way, /etc/ssl and /usr/local/etc/ssl are additive, not
> subtractive: we can make it easy for users to install whatever CA bundles
> they like, but if you put a bad CA cert in the base system, I have to
> manually patch the base system, even in environments where I'd rather use
> binary releases and freebsd-update.
Lets turn it into a config file then? Why does this have to happen
at install time?
We are just dealing with defaults here. In general, the default
system should Just Work.
--
Eitan Adler
More information about the freebsd-security
mailing list