Until recently, Mozilla maintained three individual trust bits for each root CA certificate: - trust for TLS servers - trust for email security - trust for code signing
The next CA update from Mozilla will switch the code signing trust bit OFF for all CAs. Mozilla will no longer maintain this trust bit. SeeĀ https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/004uvRRnVyY for background. I'm not aware of anyone using this trust bit. The removal might have no effect. This update of the CA list is supposed to get published with Firefox 56 on September 26. In order to allow the Fedora community to test potential effects of this change, I intend to publish an update to the ca-certificates packages early, and keep it in updates-testing for a few weeks. Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1472468 Thanks Kai _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
