On Mon, 23 Nov 2020 15:08:13 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> This change removes five root certificates with 1024-bit RSA public keys from > the system-wide `cacerts` keystore. These are older VeriSign and Thawte root > CA certificates which are no longer necessary to retain and should have > minimal compatibility risk if removed. > > See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502 Marked as reviewed by weijun (Reviewer). Looks fine. One nit: I see that the `VerifyCACerts.java` test has a whole bunch of `@bug` ids. Maybe we should add this new one as well? ------------- PR: https://git.openjdk.java.net/jdk/pull/1387
