After a routine update this morning (last one was probably 3 days ago), I see that 147 files in /etc need updating. When I run etc-update, they're all ".pem" CA files (or links?). It looks like it was all of the .pem files under /etc/ssl/certs. I did a -5, and all seems well.
It's a bit alarming when portage tells you that all of your root CA files have been modified since they were installed. The package app-misc/ca-certificates was updated last week (and it's quite possible the 147 /etc files needed updating after that), but I've never had to deal with certificate file updates like that before (nor have I ever seen anything similar on other Gentoo machines). The only thing I can think of that seems relevent is that last week I did add one _local_ certificate using the method prescribed by the Wiki: # mkdir -p /usr/local/share/ca-certificates # cp <localCA>.crt /usr/local/share/ca-certificates # update-ca-certificates Would that fool portage into thinking that all 147 CA files belonging to app-misc/ca-certificates had been modified and needed to be "merged" when app-misc/ca-certificates got updgraded? -- Grant