head	1.2;
access;
symbols
	RELEASE_5_EOL:1.1
	RELEASE_7_0_0:1.1
	RELEASE_6_3_0:1.1
	PRE_XORG_7:1.1
	RELEASE_4_EOL:1.1
	RELEASE_6_2_0:1.1
	RELEASE_6_1_0:1.1
	RELEASE_5_5_0:1.1
	RELEASE_6_0_0:1.1
	RELEASE_5_4_0:1.1
	RELEASE_4_11_0:1.1
	RELEASE_5_3_0:1.1
	RELEASE_4_10_0:1.1
	RELEASE_5_2_1:1.1
	RELEASE_5_2_0:1.1
	RELEASE_4_9_0:1.1
	RELEASE_5_1_0:1.1
	RELEASE_4_8_0:1.1
	RELEASE_5_0_0:1.1
	RELEASE_4_7_0:1.1
	RELEASE_4_6_2:1.1
	RELEASE_4_6_1:1.1
	RELEASE_4_6_0:1.1
	RELEASE_5_0_DP1:1.1
	RELEASE_4_5_0:1.1
	RELEASE_4_4_0:1.1
	RELEASE_4_3_0:1.1
	RELEASE_4_2_0:1.1
	RELEASE_4_1_1:1.1;
locks; strict;
comment	@# @;


1.2
date	2008.06.29.16.48.00;	author simon;	state dead;
branches;
next	1.1;

1.1
date	2000.09.05.17.36.47;	author nsayer;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Retire the ca-roots ports, which expired long ago.

The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore.  The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.

For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots.  The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.

Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.

With hat:	security-officer
@
text
@This port simply contains a list of SSL Certificate Authority root
certificates. Such a list performs a similar role for SSL Certificate
verfication that the root cache does for DNS servers.

This list originally came from mod_ssl (where it was ca-bundle.crt. They
originally got their list from Netscape Communicator/Navigator),
but will be maintained separately. The maintainer will apply strict
criteria to suggestions for additions to this list (in concert with
the FreeBSD security officer). CAs wishing to be added will need
to assure the FreeBSD user community that their certification procedures
are sufficiently secure to render their certificates trustworthy.
@


1.1
log
@ca-roots port -- a list of SSL Certificate Authority root certs
@
text
@@

