Re: Removal of code signing trust bits from ca-certificates

There hasn't been any negative feedback, neither in Rawhide, nor from updates testing. I've just pushed the update to stable F25 and F26. Kai On Tue, 2017-07-18 at 22:11 +0200, Kai Engert wrote: > Until recently, Mozilla maintained three individual trust bits for each root > CA > certificate: > - trust for TLS servers > - trust for email security > - trust for code signing > > The next CA update from Mozilla will switch the code signing trust bit > OFF for all CAs. > > Mozilla will no longer maintain this trust bit. > > See > https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/004uv... > Y > for background. > > I'm not aware of anyone using this trust bit. The removal might have no > effect. > > This update of the CA list is supposed to get published with Firefox 56 on > September 26. > > In order to allow the Fedora community to test potential effects of this > change, > I intend to publish an update to the ca-certificates packages early, and keep > it > in updates-testing for a few weeks. > > Tracking bug: > https://bugzilla.redhat.com/show_bug.cgi?id=1472468 > > Thanks > Kai > _______________________________________________ > devel mailing list -- devel(a)lists.fedoraproject.org > To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org