RFC: Proposal: Install a /etc/ssl/cert.pem by default?
John-Mark Gurney
jmg at funkthat.com
Fri Jul 4 02:36:05 UTC 2014
Xin Li wrote this message on Wed, Jul 02, 2014 at 16:45 -0700:
> 1. Import a set of trusted root certificates, and install if
> MK_OPENSSL is yes, to /usr/share/misc/ca-root-freebsd.pem;
My only comment on this is that we (committers) or -core needs to decide
how certs are added/removed... If it's mirror mozzila's cert repo, then
that's fine, but if we don't have a policy, what will we do when other
CA's contact someone at FreeBSD wanting to get their cert included by
default?
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-security
mailing list