It's worth bearing in mind that a leaked private key has so far not been reproducible on Debian, only for first request on specific configurations of FreeBSD.
Following from that, it is really questionable whether such mass certificate compromises have really happened, and whether removal of Startcom CA would have any quantifiable benefit. I believe the onus is on the bug submitter to demonstrate such a compromise has occurred before this request should be seriously considered. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
