tags 647849 + pending thanks On 11/19/2011 04:55 AM, Thijs Kinkhorst wrote: > Given that all the CRL's have expired for years it does seem good to remove > them from the next upload of ca-certificates. > > I'm not sure about the necessity of stable updates. While it indeed seems to > have gone out of business or similar, it was webtrust certified in the past > and as far as I can see there are no indications that there's acute danger > with these certificates, is there?
There is no danger, and it can be better information for users to leave expired certificates so an application may error with "expired", instead of simply "untrusted" - see #493376 and #296827. However, I committed the removal of the CAs to keep cleaning up the clutter. -- Kind regards, Michael
signature.asc
Description: OpenPGP digital signature
