Re: Can security/ca_root_nss be retired?
- Reply: Mel Pilgrim : "Re: Can security/ca_root_nss be retired?"
- In reply to: Mel Pilgrim : "Can security/ca_root_nss be retired?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 19 Jan 2023 12:08:01 UTC
On Thu, 19 Jan 2023 03:13:48 -0800 Mel Pilgrim <list_freebsd@bluerosetech.com> wrote: > Given /usr/share/certs exists for all supported releases, is there any > reason to keep the ca_root_nss port? If everyone in the world uses LATEST main only, yes. But the assumption is clearly nonsense. Basically, commits to main are settled a while before MFC to stable branches, and MFS to releng branches needs additional settling days. If any certs happened to be non-reliable, this delay can cause, at worst, catastorphic scenario. If updates to certs are always promised to be "MFC after: now" and committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection. If not, keeping ca_root_nss port and updated ASAP with upstream should be mandatory. -- Tomoaki AOKI <junchoon@dec.sakura.ne.jp>