On Mon, 2014-09-08 at 09:48 -0500, Michael Catanzaro wrote: > 2) The latest upstream version of ca-certificates removes several root > certs with 1024-bit RSA keys, even though valid certificates issued by > those certs are still in use [2]. Fedora 21 already has the latest > version of ca-certificates, and it has broken popular web sites, > including as amazon.com and kickstarter.com, in Epiphany. Please > consider delaying any planned update of this package for a few months, > until the fallout [3] has passed. Distros shipping GNOME 3.14 should > strongly consider sticking with the previous release of > ca-certificates, > from March 2014.
Hi GNOME distributors, Fedora has documented at [1] a list of CA certificates removed by Mozilla that are still required for glib-networking to be compatible with many web sites. It's now safe to update your ca-certificates package if you take care to restore these legacy certificates with their original trust bits. If you choose to update ca-certificates without ensuring that these certificates remain installed with their original trust bits, we will not handle TLS-related bug reports from your distro. [1] https://fedoraproject.org/wiki/CA-Certificates
signature.asc
Description: This is a digitally signed message part
_______________________________________________ epiphany-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/epiphany-list
