RFC: Proposal: Install a /etc/ssl/cert.pem by default?

[Garrett Wollman]

<<On Fri, 4 Jul 2014 00:14:48 +0200, Daniel Roethlisberger <daniel at roe.ch> said:

> [1] There is no such thing as a perfect CA bundle (i.e. both
>     secure *and* usable) given how broken the whole CA system is
>     these days.

So is anyone working on DANE support in libfetch and other base-system
utilities?  Let's lead on this rather than just flaming about how CAs
suck....

-GAWollman