Hi, Is any important software (e.g. openssl, gnutls, glib-networking, Qt) in Fedora still relying on our legacy 1024-bit root RSA certificates? I believe Fedora is currently the only distro currently shipping these insecure root certificates. Originally, this was a good choice (and big thanks to Kai Engert for making it happen) because they were needed for compatibility with software using OpenSSL or GLib sockets. Nowadays, I'm not aware of any software that still needs them. Since keeping these certificates around is a serious security issue, I propose we remove them if nothing "important" still needs them. You can test if any of your software needs these certificates by running 'sudo ca-legacy disable'. Michael -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
