On 03/09/15 19:22, Kathleen Wilson wrote: > 2) Remove included root certs that only have the Code Signing trust bit > enabled. To our knowledge, no one is using such root certs via the NSS > root store.
This seems like a half-way house. If no-one is using our root store as a code-signing root store, we should stop supporting the code-signing bit entirely, remove the bit from all roots, and remove the UI associated with it in all apps. But if we still want to support the code-signing use case, we shouldn't remove these roots. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
