From: Job Snijders <job@openbsd.org>
Subject: Re: etc/rpki: add ARIN TAL
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Thu, 16 Jan 2025 20:09:53 +0000

On Thu, Jan 16, 2025 at 08:38:03PM +0100, Theo Buehler wrote:
> On Thu, Jan 16, 2025 at 07:33:44PM +0000, Job Snijders wrote:
> > Dear all,
> > 
> > ARIN revised their Trust Anchor Locator, their TAL now includes a
> > BSD-style disclaimer of warranties in the optional comment section.
> > 
> > https://www.arin.net/announcements/20250116-tal/
> > 
> > OK?
> 
> Unbelievable.  Needs a matching entry in distrib/sets/lists/base/mi
>
> ok tb

Ah, thanks!

Perhaps we should also update the rpki-client(8) man page?

Index: ./distrib/sets/lists/base/mi
===================================================================
RCS file: /cvs/src/distrib/sets/lists/base/mi,v
diff -u -p -r1.1152 mi
--- ./distrib/sets/lists/base/mi	10 Dec 2024 08:41:46 -0000	1.1152
+++ ./distrib/sets/lists/base/mi	16 Jan 2025 20:08:50 -0000
@@ -297,6 +297,7 @@
 ./etc/rpki/apnic.constraints
 ./etc/rpki/apnic.tal
 ./etc/rpki/arin.constraints
+./etc/rpki/arin.tal
 ./etc/rpki/lacnic.constraints
 ./etc/rpki/lacnic.tal
 ./etc/rpki/ripe.constraints
Index: etc/rpki/arin.tal
===================================================================
RCS file: etc/rpki/arin.tal
diff -N etc/rpki/arin.tal
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ etc/rpki/arin.tal	16 Jan 2025 20:08:50 -0000
@@ -0,0 +1,20 @@
+# THIS TRUST ANCHOR LOCATOR IS PROVIDED BY THE AMERICAN REGISTRY FOR
+# INTERNET NUMBERS (ARIN) "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL ARIN BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS PUBLIC KEY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+https://rrdp.arin.net/arin-rpki-ta.cer
+rsync://rpki.arin.net/repository/arin-rpki-ta.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5Fn
+reHMJjg8pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlN
+f2SRP3UB+VJFgtTj0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1E
+pK9CbLJS4m37+RlpNbT1cba+b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtww
+DYlbHzp2xk9owF3mkCxzl0HwncO+sEHHeaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg
++nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB
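
Review bot: The base64 key block at the end of the new arin.tal is the public key the validator will accept as ARIN's trust anchor, so before commit it should be compared byte for byte against the TAL ARIN itself publishes (the announcement linked earlier in this thread), fetched over HTTPS, rather than taken from the copy in this mail. The layout otherwise reads correctly: `#` comment lines first, then the https and rsync URIs, one blank line, then the key.
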
Index: etc/Makefile
===================================================================
RCS file: /cvs/src/etc/Makefile,v
diff -u -p -r1.490 Makefile
--- etc/Makefile	30 Jun 2024 17:30:54 -0000	1.490
+++ etc/Makefile	16 Jan 2025 20:08:50 -0000
@@ -156,8 +156,8 @@ distribution-etc-root-var: distrib-dirs
 		    ${DESTDIR}/etc/ppp
 	cd rpki; \
 		${INSTALL} -c -o root -g wheel -m 644 \
-		    afrinic.tal apnic.tal lacnic.tal ripe.tal \
-		    arin.constraints afrinic.constraints apnic.constraints \
+		    afrinic.tal apnic.tal arin.tal lacnic.tal ripe.tal \
+		    afrinic.constraints apnic.constraints arin.constraints \
 		    lacnic.constraints ripe.constraints \
 		    ${DESTDIR}/etc/rpki
 	cd examples; \
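
Review bot: On the second changed line the three .constraints names are reordered as well (arin.constraints moves from first to third position), which is unrelated to installing arin.tal. It is harmless for ${INSTALL}, but a word in the commit message would keep the reorder from being mistaken for a functional change. Mode 644 with owner root and group wheel suits a public-key file: world-readable, writable only by root.
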
Index: usr.sbin/rpki-client/rpki-client.8
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rpki-client.8,v
diff -u -p -r1.119 rpki-client.8
--- usr.sbin/rpki-client/rpki-client.8	3 Jan 2025 10:32:21 -0000	1.119
+++ usr.sbin/rpki-client/rpki-client.8	16 Jan 2025 20:08:50 -0000
@@ -303,6 +303,7 @@ URL of HTTP proxy to use.
 default TAL files used unless
 .Fl t Ar tal
 is specified.
+The TAL files of the five Regional Internet Registries are included.
 .It Pa /etc/rpki/*.constraints
 files containing registry-specific constraints to restrict what IP addresses
 and AS identifiers may or may not appear in EE certificates subordinate to the
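
Review bot: The added sentence after "is specified." gives the count of included TALs but not their names. Consider naming the five files (afrinic, apnic, arin, lacnic, ripe, as installed by the etc/Makefile hunk) so an operator can audit from the man page alone which trust anchors are active by default.
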
@@ -316,11 +317,6 @@ cached repository data.
 .It Pa /var/db/rpki-client/openbgpd
 default roa-set output file.
 .El
-.Pp
-All the top-level TAL are included, except the ARIN TAL which is not
-made available with terms compatible with open source.
-That public key is treated as a proprietary object in a lengthy legal
-agreement regarding ARIN service restrictions.
 .Sh EXIT STATUS
 .Ex -std
 .Sh SEE ALSO