In mail/rspamd/Makefile security/ca_root_nss is sepcified as RUN_DEPENDS. According to commit log it was added with following commit. ---------------------------------------------------------------------- commit 28ef9363638f Author: Vsevolod Stakhov <vsevolod@FreeBSD.org> AuthorDate: Wed Mar 21 18:22:06 2018 +0000 Commit: Vsevolod Stakhov <vsevolod@FreeBSD.org> CommitDate: Wed Mar 21 18:22:06 2018 +0000 Update rspamd port to 1.7.1 - fix plist (install config files using @sample, was broken in patch from PR 226646) - build only one neural net module: fann or torch - rspamd has https client - add ca_root_nss dependency PR: 226802 Submitted by: Anton Yuzhaninov <citrin+pr at citrin.ru> ---------------------------------------------------------------------- IIRC base system of FreeBSD didn't yet include CA certificates at that time. So adding security/ca_root_nss as RUN_DEPENDS was reasonable. But now base system of all supported FreeBSD versions includes CA certificates. Then is it possible to remove security/ca_root_nss from RUN_DEPENDS?
(In reply to Yasuhiro Kimura from comment #0) I think we should keep it. security/ca_root_nss is likely to be updated more often than the base ca_root_nss. What do you think?
If we have that in the base system we can probably live with the base system version and remove this RUN_DEPENDS. However, I don't have a strong opinion on that.
(In reply to Vsevolod Stakhov from comment #2) My concern is that the port is updated more often and I'm not sure how often we import the mozilla certs in base. Right now, in my updated 14.1 system, ca-root-nss from base and from ports differ: /usr/share/certs/trusted$ diff <(grep -h Issuer * | sort) <(grep -h Issuer /usr/local/share/certs/ca-root-nss.crt | sort) 16,17d15 < Issuer: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G3 < Issuer: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G4 29,30d26 < Issuer: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS ECC Root 2020 < Issuer: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS RSA Root 2023 33a30 > Issuer: C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068 61a59 > Issuer: C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1 97,100d94 < Issuer: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-01 < Issuer: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-02 < Issuer: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-01 < Issuer: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-02
Hi there, I rather not have this PR lingering around :-) If there is not opposition, I think we should keep the dependency. The port is updated often and mail/rspamd would benefit from that, IMO.