I just reread the 3 packages. At this point my opinion is that: 0) nothing in pkgsrc depends on ca-certificates, which is good. 1) ca-certificates doesn't explain that it's a port of a Debian package and this should be fixed. That's easy. 2) there is no version of ca-certificates that just installs bits in $PREFIX/share. Also fairly easy, perhaps rides along with 3) 3) I see update-ca-certificates in INSTALL, but no mechanism to undo that on deinstallaion. This is the big problem, even if what is left is dangling symlinks. (If an admin runs it by hand, that's their problem, not pkgsrc's. This is about it happening via pkg_install.) A way forward is to drop INSTALL, fixing 3, and as a side effect fixing 2. And to add to DESCR a sentence about where it comes from, along with gdt-style statements about things that aren't clear (does or might debian modify the mozilla set?), which anyone is welcome to fix by clarifying :-) Then, there could be ca-certificates-openssl depending on this with INSTALL and DEINSTALL, such that pkg_add/pkg_delete of it results in no change (except that mozilla-openssl-rootcerts and this colliding isn't a big deal and they should be marked as conflicting). I believe that mozilla-rootcerts-openssl avoids problem 3. (I am not trying to insist that installing/deinstalling such a package won't munge existing config of these certs, just that installing/deinstalling when base doesn't have this config already results in no change.) I realize this probably makes nobody truly happy, but it seems to be a reasonable middle ground. So I'll go ahead and enhance DESCR (which should be uncontroversial), and will drop INSTALL after a few days absent an argument why leaving things outside of prefix after an install/deinstall cycle is ok, or that I'm confused and it doesn't do that.
Attachment:
signature.asc
Description: PGP signature