On Tue, Sep 8, 2015 at 11:04 AM, Kurt Roeckx <k...@roeckx.be> wrote:
> On Tue, Sep 08, 2015 at 10:58:39AM -0700, Kathleen Wilson wrote:
>> 28. Remove Code Signing trust bits. As of Firefox 38, add-ons are signed
>> using Mozilla's own roots. There doesn't appear to be anyone else using the
>> roots in the NSS root store for Code Signing. -- currently under discussion
>> in mozilla.dev.security.policy.
>
> As already pointed out, this is probably at least used by java on
> most Linux distributions.

Are you aware of any Java implementations that use the trust bits?
From what I've seen most Linux distributions create trust store
bundles by either ignoring the trust bits or only filtering out
explicit distrust.

Thanks,
Peter
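
The three ways a bundle builder can treat the NSS trust bits discussed in this thread, as an added example that is not part of the original messages or any distribution's tooling. The root labels and the sample fragment are constructed, and the policy names (`ignore`, `drop_distrusted`, `honor`) are hypothetical; the `drop_distrusted` rule (drop a root that is `CKT_NSS_NOT_TRUSTED` for any purpose) is one possible reading of "filtering out explicit distrust".

```python
import re

# Constructed fragment in the style of NSS certdata.txt trust objects
# (labels and trust assignments are made up for illustration).
SAMPLE = '''
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root A"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root B"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root C"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
'''

def parse_trust(text):
    """Return {label: {purpose: trust_value}} for each CKO_NSS_TRUST object."""
    roots = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        if "CKO_NSS_TRUST" not in block:
            continue
        label = re.search(r'CKA_LABEL UTF8 "([^"]*)"', block).group(1)
        roots[label] = dict(re.findall(r"CKA_TRUST_(\w+) CK_TRUST (\w+)", block))
    return roots

def bundle(roots, policy, purpose="CODE_SIGNING"):
    """Select root labels for a bundle under one of three hypothetical policies."""
    if policy == "ignore":           # every root ships; trust bits never consulted
        return sorted(roots)
    if policy == "drop_distrusted":  # only explicit distrust removes a root
        return sorted(name for name, trust in roots.items()
                      if "CKT_NSS_NOT_TRUSTED" not in trust.values())
    if policy == "honor":            # root must be a trust anchor for this purpose
        return sorted(name for name, trust in roots.items()
                      if trust.get(purpose) == "CKT_NSS_TRUSTED_DELEGATOR")
    raise ValueError(f"unknown policy: {policy}")

ROOTS = parse_trust(SAMPLE)
```

Only the `honor` policy produces a different bundle when a root's Code Signing bit changes; under the other two, "Example Root B" is shipped to code-signing consumers even though it was never marked as a trust anchor for that purpose.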