Re: Removal of code signing trust bits from ca-certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There hasn't been any negative feedback, neither in Rawhide, nor from updates
testing.

I've just pushed the update to stable F25 and F26.

Kai


On Tue, 2017-07-18 at 22:11 +0200, Kai Engert wrote:
> Until recently, Mozilla maintained three individual trust bits for each root
> CA
> certificate:
> - trust for TLS servers
> - trust for email security
> - trust for code signing
> 
> The next CA update from Mozilla will switch the code signing trust bit
> OFF for all CAs.
> 
> Mozilla will no longer maintain this trust bit.
> 
> See 
> https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/004uvRRnVy
> Y
> for background.
> 
> I'm not aware of anyone using this trust bit. The removal might have no
> effect.
> 
> This update of the CA list is supposed to get published with Firefox 56 on
> September 26.
> 
> In order to allow the Fedora community to test potential effects of this
> change,
> I intend to publish an update to the ca-certificates packages early, and keep
> it
> in updates-testing for a few weeks.
> 
> Tracking bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1472468
> 
> Thanks
> Kai
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux