On May 23, 2022, at 18:35, Jim DeLaHunt wrote: > 1. port curl-ca-bundle is a subport of port curl[2], > 2. it looks to me like port curl-ca-bundle only got updated about 7 times in > the last 43 months[3] > 3. it looks as if port curl-ca-bundle updates a file within curl, > security/nss/lib/ckfw/builtins/certdata.txt, and does some make and > install operations. Maybe building and installing curl itself does > those same operations. > 4. Thus, maybe a version update to port curl also functions as an > update to port curl-ca-bundle, but I'm not sure.
The curl ca bundle is installed by the curl-ca-bundle port, not by the curl port. The curl port depends on the curl-ca-bundle port. > If #4 is true, it makes me wonder if maybe port curl-ca-bundle's values for > certdata_updated (epoch time) and certdata_date should get updated each time > the curl version gets updated. No, they shouldn't. certdata_updated and certdata_date are to be changed only when curl-ca-bundle is updated to a new version of certdata.txt. certdata_updated is used by the portfile to make MacPorts fetch certdata.txt from mozilla only within a short period after it was updated; after that time the port assumes MacPorts has mirrored the file and it then fetches only from MacPorts mirrors. This is to reduce the load on the mozilla server.
