[MacPorts] #63740: [apple-pki-bundle] : extend to cover all certificates from "System Roots"
MacPorts
noreply at macports.org
Mon Nov 1 12:55:57 UTC 2021
#63740: [apple-pki-bundle] : extend to cover all certificates from "System Roots"
-------------------------------+--------------------
Reporter: RJVB | Owner: (none)
Type: enhancement | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: apple-pki-bundle |
-------------------------------+--------------------
Comment (by mascguy):
Replying to [comment:9 essandess]:
> Replying to [comment:6 RJVB]:
>> I see no evidence in the Portfile that the certificates are actually
being added to any of the OS's certificate stores.
>
> If there’s a circumstance for which a port installs CAs in the System
Keychain, I can’t imagine what that would be. This sounds like a Bad Idea.
Users/Admins should manage their PKI.
Perhaps the port could include an ultra-simple shell script to effect the
changes? We'd want the script to backup the keychain first, and tell the
user where said backup is. But otherwise, this would simply everyone's
life, without forcibly making changes.
We'd also want to include a port note, mentioning the helper script. Along
with a quick blurb on how to use it.
How does that sound?
--
Ticket URL: <https://trac.macports.org/ticket/63740#comment:10>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list