Bryan Drewery wrote:
> libfetch will now look in /usr/local/etc/ssl/ before /etc/ssl.

How very sensible!


I like the idea of secteam maintaining a ca-root-freebsd.pem even
better, as long as you are willing to.

Just my $.02, but if the FreeBSD project is to maintain a ca-root-freebsd.pem, I think it should have one certificate in it: the root FreeBSD Project cert. Beyond that, I'm not willing to vouch for the trustworthiness of any CA, and I don't think the Project should either.

Let people install CA bundles from packages, even give admins the choice of "the Mozilla bundle" vs "Dr Guru's paranoid bundle" vs whatever, but I don't think the Project should be in the business of endorsing any particular CA in the base system.


IMHO always install it, don't depend on MK_OPENSSL. Is the file actually
specific to OpenSSL? Ports would love to have it be available all the
time regardless of SSL library choices.

Or we could patch the OpenSSL port to use /usr/local/etc/ssl too?


Jon
--
Jonathan Anderson
[email protected]
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-gecko