[blfs-dev] CA Certificates
bruce.dubbs at gmail.com
Sun Mar 9 18:45:24 PDT 2014
DJ Lucas wrote:
> On 03/06/14 11:15, Bruce Dubbs wrote:
>> Henrik /KaarPoSoft wrote:
>>> Dear all,
>>> you indicate to download CA Certificates from:
>>> However, on the "mxr frontpage"
>>> the branch "Mozilla CVS"
>>> is described as follows:
>>> This contains the entire current CVS repository.
>>> For Gecko, XULRunner, and Firefox, CVS trunk is no longer the trunk,
>>> and is instead used for Gecko 1.9 / Firefox 3 and the 1.9.0.* / 3.0.*
>>> security releases.
>>> So I would like to suggest that alternative sources may be described a well.
>>> See e.g.
>>> (You are more that welcome to link to this page, if you find it
>>> We are not the only ones struggling to figure out which branch to use.
>>> See e.g. the thread started here:
>>> The integrity of the certdata.txt file is essential,
>>> so I would also like to suggest that
>>> 1) you download from https://hg.mozilla.org/...
>>> 2) you include a sha256 checksum for the file.
>> It would seem that
>> is correct right now, but I don't see a way to specify 'current' or
>> 'latest' for the raw file that we need.
>> We could write a script to download the html and then parse the raw file
>> URL, but that would require downloading a 5M file just to get the url of
>> a 1.5M files. :(
>> I don't see how we can give a checksum if the file is changing. We need
>> to let users decide which version they need.
>> I'd be interested in other ideas.
>> -- Bruce
> Couple of possible suggestions. First, and easiest, leave it alone. I
> know that the file in that repo was updated at least fairly recently.
Really? When I download that file I get:
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.87 $ $Date:
2012/12/29 16:32:45 $"
> I'd imagine it will continue unless they are killing off maintenance on
> 1.9. Second, look at the url in the comments of the perl script which
> was taken from Fedora. It has a link to their package, just follow their
That's the same file.
A third possible solution is to add a comment to the each of the 4
> Mozilla packages to update a copy of the cacerts.txt on Anduin from
> whichever is the latest package at the time of update. Personally, the
> third is my favorite, but it adds editor work.
Well there is
updates daily. I was thinking of adding a CVS line to it so the scripts
don't have to change.
The files in the packages are snapshots of those I think. The issue I
have is that they need to have a way to identify the version number or
date the file was updated.
More information about the blfs-dev