On Thursday 03 September 2015 11:22:26 Kathleen Wilson wrote:
> 2) Remove included root certs that only have the Code Signing trust
> bit enabled. To our knowledge, no one is using such root certs via
> the NSS root store.

I'm not familiar with the project, but Fedora Shared System Certificates[1] does use Mozilla Root list and it does encompass Java trust stores so Code Signing bits at the very least _should_ be used, if not already are used.

 1 - https://fedoraproject.org/wiki/Features/SharedSystemCertificates

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy