UPDATING: Add long-belated note about certs in base

While the interaction between this and the ETCSYMLINK option of security/ca_root_nss isn't necessarily fatal, one should be aware and attempt to understand the ramifications of mixing the two. ports-secteam will be contacted to discuss the default option for branches where certs are being included in base.
svn path=/head/; revision=355423
2019-12-05 15:32:33 +00:00 · 2019-12-05 15:32:33 +00:00 · 6d69608c0a · 2020-12-20 02:59:44 +00:00
commit 6d69608c0a
parent 0cf6ff0a77
1 changed files with 10 additions and 0 deletions
--- a/10
+++ b/10
@ -26,6 +26,16 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)

+20191205:
+	The root certificates of the Mozilla CA Certificate Store have been
+	imported into the base system and can be managed with the certctl(8)
+	utility.  If you have installed the security/ca_root_nss port or package
+	with the ETCSYMLINK option (the default), be advised that there may be
+	differences between those included in the port and those included in
+	base due to differences in nss branch used as well as general update
+	frequency.  Note also that certctl(8) cannot manage certs in the
+	format used by the security/ca_root_nss port.
+
 20191120:
 	The amd(8) automount daemon has been disabled by default, and will be
 	removed in the future.  As of FreeBSD 10.1 the autofs(5) is available