On Fri, 2015-09-04 at 14:26 +0200, Hubert Kario wrote:
> On Thursday 03 September 2015 11:22:26 Kathleen Wilson wrote:
> > 2) Remove included root certs that only have the Code Signing trust
> > bit enabled. To our knowledge, no one is using such root certs via
> > the NSS root store.
> 
> I'm not familiar with the project, but Fedora Shared System
> Certificates[1] does use the Mozilla Root list and it does encompass Java
> trust stores so Code Signing bits at the very least _should_ be used, if
> they are not already used.
> 
>  1 - https://fedoraproject.org/wiki/Features/SharedSystemCertificates

It's correct that Fedora and Red Hat Linux (and potentially other Linux
distributions, too) use the code signing trust information for a systemwide
trust store, and applications can use it to verify signatures on code.

Kai

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
