John-Mark Gurney wrote:
Dan Lukes wrote this message on Thu, Jul 03, 2014 at 02:26 +0200:
If I consider a CA to be trustworthy, I will insert it's certificate to
trusted store. No one is welcomed to make such decision in behalf of me.
As others have said, you can customize FreeBSD how you want.. There
is no, we will uninstall FreeBSD if you uninstall (or set WITHOUT_xxx)
on your FreeBSD system...
So we agree that customization is required, the question is what a user
has to do to effect this customization:
1. install a package (possibly included on the install media), or
2. set WITHOUT_MOZILLA_CA_BUNDLE and rebuild FreeBSD.
To me, the approach that doesn't require "rebuild FreeBSD" is the
simpler one.
It also doesn't require a Security Advisory every time a CA gets dropped
from Mozilla's bundle (which ought to happen a lot). Ports get updated,
people get that. I don't think we should introduce things in the base
system that we *know* will require SAs, freebsd-update, etc.
Jon
--
Jonathan Anderson
jonat...@freebsd.org
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
