On 9/9/2015 8:43 AM, Hubert Kario wrote: > On Tuesday 08 September 2015 11:08:50 Peter Bowen wrote: >> On Tue, Sep 8, 2015 at 11:04 AM, Kurt Roeckx <[email protected]> wrote: >>> On Tue, Sep 08, 2015 at 10:58:39AM -0700, Kathleen Wilson wrote: >>>> 28. Remove Code Signing trust bits. As of Firefox 38, add-ons are >>>> signed using Mozilla's own roots. There doesn't appear to be >>>> anyone else using the roots in the NSS root store for Code >>>> Signing. -- currently under discussion in >>>> mozilla.dev.security.policy. >>> >>> As already pointed out, this is probably at least used by java on >>> most Linux distributions. >> >> Are you aware of any Java implementations that use the trust bits? >> From what I've seen most Linux distributions create trust store >> bundles by either ignoring the trust bits or only filtering out >> explicit distrust. > > Fedora 22 does not > > in fact, in /etc/pki/ca-trust/extracted/pem/ you have three files with > the trust stores extracted: > email-ca-bundle.pem > objsign-ca-bundle.pem > tls-ca-bundle.pem > according to the bits present >
PLEASE DO NOT reply to both a Mozilla newsgroup and its associated mailing list. Each feeds the other. Thus, your message now appears twice. Instead, reply to one OR the other. See <https://www.mozilla.org/en-US/about/forums/> to determine which Mozilla mailing lists are associated with which Mozilla newsgroups. -- David E. Ross The Crimea is Putin's Sudetenland. The Ukraine will be Putin's Czechoslovakia. See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
