On Sun, Oct 21, 2007 at 08:28:19PM -0700, David E. Thiel wrote: >Sounds fine to me - I'll take a closer look at this. I'd still like >to see the root CA certs merged into base so libfetch can be fixed.
So would I. >Does anyone object to just using the ones currently provided by the >ca_root_nss port? I would like to have CAcert (www.cacert.org) included. It is not currently in the Mozilla root set but is included in various Linux and other BSD distributions. See http://wiki.cacert.org/wiki/InclusionStatus (which lists FreeBSD on the basis of the now-removed caroot port). I agree that the final decision should be up to the Security team. -- Peter
pgpJdew8Ad1VM.pgp
Description: PGP signature
