pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: How to handle updates to mozilla-rootcerts?
* On 2018-04-18 at 23:46 BST, Greg Troxel wrote:
> The idea that you install some random package and as a side effect the
> set of configured system trust anchors changes is not ok. So we
> either need some explicit user choice to let mozilla-rootcerts control
> system trust anchors, or a rule that it can't be a dependency.
Could someone explain why this isn't ok? I'll admit I don't really
understand why people have issues with this. My vague understanding
is that some folks don't trust all of the CAs bundled in this package
and go through and weed out the ones they don't like, but then what do
they do about domains that are signed by that CA?
If it's only a small minority of people who do this, then it seems
unfair to ruin everyone else's experience, when those who do have such
concerns are likely technical enough to implement a post-install way
of doing the pruning or setting a build flag or whatever without
affecting users who just want HTTPS to work out of the box.
--
Jonathan Perkin - Joyent, Inc. - www.joyent.com
Home |
Main Index |
Thread Index |
Old Index