path: root/UPDATING
diff options
authorKyle Evans <kevans@FreeBSD.org>2020-04-30 14:38:55 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-04-30 14:38:55 +0000
commit29b97d24d0dad35902bb4065bbd686c489c23edc (patch)
treec6eeca23b19379983161a0c237ef4530a3780d4c /UPDATING
parenta37a0e5b90aaba26e23da8833b6fce8c8d60bc36 (diff)
MFC r355423: UPDATING: Add [less] long-belated note about certs in base
While the interaction between this and the ETCSYMLINK option of security/ca_root_nss isn't necessarily fatal, one should be aware and attempt to understand the ramifications of mixing the two. ports-secteam will be contacted to discuss the default option for branches where certs are being included in base.
Notes: svn path=/stable/12/; revision=360495
Diffstat (limited to 'UPDATING')
1 files changed, 10 insertions, 0 deletions
diff --git a/UPDATING b/UPDATING
index 569e424b596f..eb359493a4eb 100644
@@ -16,6 +16,16 @@ from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
the tip of head, and then rebuild without this option. The bootstrap process
from older version of current across the gcc/clang cutover is a bit fragile.
+ The root certificates of the Mozilla CA Certificate Store have been
+ imported into the base system and can be managed with the certctl(8)
+ utility. If you have installed the security/ca_root_nss port or package
+ with the ETCSYMLINK option (the default), be advised that there may be
+ differences between those included in the port and those included in
+ base due to differences in nss branch used as well as general update
+ frequency. Note also that certctl(8) cannot manage certs in the
+ format used by the security/ca_root_nss port.
Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have
been upgraded to 9.0.1. Please see the 20141231 entry below for