On 1/19/23 18:04, Eugene Grosbein wrote:
Given /usr/share/certs exists for all supported releases, is there any reason
to keep the ca_root_nss port?
Just my 2c...
Single port may be updates more frequently and easily than base system.
I agree on this, but there's another problem.
Base has single certs in /etc/ssl/certs, where I can add my own private
CAs' ones.
Port provides a single bundled file in
/usr/local/etc/ssl/cert.pem.
This (at least in some cases) overrides completely the ones in
/etc/ssl/certs, so my own private CAs will not work anymore
In the end, I have to delete /usr/local/etc/ssl/cert.pem every time the
port creates it (and currently I have found no way to prevent it from
doing this).
So a port would be fine, possibly very appreciated, if it woulnd't
disrupt base/local.
bye
av.
Then there's www/p5-Mozilla-CA and possibly others...
