On 04/10/15 13:18, [email protected] wrote: > As to whether or not to remove the trust bits for code signing and > email, I guess I would ask: Why did Mozilla include/create the trust > bits in the first place?
You would need to ask Netscape :-) > Was it only to support Mozilla applications > like Thunderbird? Or was it to serve as a public resource, beyond > Mozilla applications? This is an interesting question of history, but not particularly useful in the current discussion, because whether or not we had a good reason back then, the real question is whether we have one _now_ :-) > I don’t think it’s realistic to expect every application that is > dependent on code signing and/or email certs to maintain its own > individual trusted root store. Perhaps they will default to the > Windows root store instead of the Mozilla NSS root store – is that > good for Mozilla’s future? Again, separating code and email, we are still looking for actual real examples of applications using the NSS code-signing bit. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
