On Fri, 2015-09-04 at 11:25 +0200, Kurt Roeckx wrote:
> On 2015-09-03 20:22, Kathleen Wilson wrote:
> > 2) Remove included root certs that only have the Code Signing trust bit
> > enabled. To our knowledge, no one is using such root certs via the NSS
> > root store.
>
> I'm wondering how you currently support things like java applets. As
> far as I understand for some activity of them you need to have them
> signed. Is this handled by the java plugin itself? Where does it get
> its root store from?

A Java runtime can include its own root store. For OpenJDK on Fedora Linux, my understanding is, we configure it to use the system's trust store, which contains the Mozilla trust bits.

Kai

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

