raggi
commented
8 years ago I'd be concerned that this could be leaking public certs across user boundaries, as login chains are semi-private and this CA bundle is system wide.
I do realize that one of the most common use cases here is a single user development system, but I'm interested to hear thoughts about an approach that might satisfy all the requirements. Any ideas?
Some certs (especially manually imported ones) get installed in the login keychain. In order to make sure those get synced, this script should pull them in too.