[blfs-dev] CA Certificates

Henrik /KaarPoSoft henrik at kaarposoft.dk
Thu Mar 6 08:11:58 PST 2014


Dear all,

On
http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html
you indicate to download CA Certificates from:
http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1

However, on the "mxr frontpage"
http://mxr.mozilla.org/
the branch "Mozilla CVS"
http://mxr.mozilla.org/mozilla/
is described as follows:

QUOTE
This contains the entire current CVS repository.
For Gecko, XULRunner, and Firefox, CVS trunk is no longer the trunk,
and is instead used for Gecko 1.9 / Firefox 3 and the 1.9.0.* / 3.0.* 
security releases.
UNQUOTE

So I would like to suggest that alternative sources may be described a well.
See e.g.
http://kaarpux.kaarposoft.dk/packages/c/certdata.html#certificates_from_mozilla

(You are more that welcome to link to this page, if you find it 
appropriate).

We are not the only ones struggling to figure out which branch to use.
See e.g. the thread started here:
http://curl.haxx.se/mail/archive-2013-12/0033.html

The integrity of the certdata.txt file is essential,
so I would also like to suggest that
1) you download from https://hg.mozilla.org/...
2) you include a sha256 checksum for the file.

/Henrik

PS: I have some problems with my subscription, so please CC me on any 
replies.



More information about the blfs-dev mailing list