On Friday, November 4, 2016 at 4:49:28 AM UTC-7, Gervase Markham wrote: > On 03/11/16 18:09, Andrew Ayer wrote: > > This is just as bad as signing an actual cert with SHA-1. > > Add: > https://bugzilla.mozilla.org/show_bug.cgi?id=1315225 (Symantec) > > Gerv
I updated the bug to say that this was disclosed back in March and discussed on https://groups.google.com/forum/#!searchin/mozilla.dev.security.policy/64$3Aa9$3A32$3A73$3Aa4$3A19$3Ad1$3A64/mozilla.dev.security.policy/siHOXppxE9k/0PLPVcktBAAJ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy