On Tuesday, December 17, 2013 6:02:32 PM UTC-5, Michael Shuler wrote:
> Attached is my little check script that I run from cron to check for new 

Thank you!  My context for pulling the certdata.txt is from within the 
mk-ca-bundle.pl (or .vbs) script from the cURL project, which has no external 
dependencies.  Pulling from an https presents a chicken and egg problem so I'd 
have to use http.  Others seem to use this script as well.

However, I was wary about pulling directly from a source repository versus a 
release, in case of an erroneous commit or something.  Presumably such a thing 
would be caught fairly quickly.  Definitely caught by the next Aurora or NSS 
release.  Whereas, it may not be caught at the precise time someone, somewhere 
in the world runs their copy of the mk-ca-bundle.pl script.

Is this a valid line of reasoning?  If not, I'd be happy just pulling from 
http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
and passing that on as a somewhat official preferred source.  :)

Leif