Bryan Drewery wrote: > libfetch will now look in /usr/local/etc/ssl/ before /etc/ssl. How very sensible! > I like the idea of secteam maintaining a ca-root-freebsd.pem even > better, as long as you are willing to. Just my $.02, but if the FreeBSD project is to maintain a ca-root-freebsd.pem, I think it should have one certificate in it: the root FreeBSD Project cert. Beyond that, I'm not willing to vouch for the trustworthiness of any CA, and I don't think the Project should either. Let people install CA bundles from packages, even give admins the choice of "the Mozilla bundle" vs "Dr Guru's paranoid bundle" vs whatever, but I don't think the Project should be in the business of endorsing any particular CA in the base system. > IMHO always install it, don't depend on MK_OPENSSL. Is the file actually > specific to OpenSSL? Ports would love to have it be available all the > time regardless of SSL library choices. Or we could patch the OpenSSL port to use /usr/local/etc/ssl too? Jon -- Jonathan Anderson jonathan@FreeBSD.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"