d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

UPDATING: Add long-belated note about certs in base

Browse Source 
While the interaction between this and the ETCSYMLINK option of
security/ca_root_nss isn't necessarily fatal, one should be aware and
attempt to understand the ramifications of mixing the two.

ports-secteam will be contacted to discuss the default option for branches
where certs are being included in base.
This commit is contained in:
Kyle Evans 2019-12-05 15:32:33 +00:00
parent 0cf6ff0a77
commit 6d69608c0a
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
UPDATING
View File

@ -26,6 +26,16 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20191205:
The root certificates of the Mozilla CA Certificate Store have been
imported into the base system and can be managed with the certctl(8)
utility. If you have installed the security/ca_root_nss port or package
with the ETCSYMLINK option (the default), be advised that there may be
differences between those included in the port and those included in
base due to differences in nss branch used as well as general update
frequency. Note also that certctl(8) cannot manage certs in the
format used by the security/ca_root_nss port.
20191120:
The amd(8) automount daemon has been disabled by default, and will be
removed in the future. As of FreeBSD 10.1 the autofs(5) is available