(sorry it's probably not the correct mailing list to bring this issue)
Hi, I'm following the changes made on chromium sources on the root store : https://chromium.googlesource.com/chromium/src.git/+log/refs/heads/main/net/data/ssl/chrome_root_store 1. ccb8b9d <https://chromium.googlesource.com/chromium/src.git/+/ccb8b9d1c624f73c0a547aebf9a57280bef30fe1> Automatic update from google3 <https://chromium.googlesource.com/chromium/src.git/+/ccb8b9d1c624f73c0a547aebf9a57280bef30fe1> by CT Log list updates bot · 2 days ago 2. adce2c1 <https://chromium.googlesource.com/chromium/src.git/+/adce2c112ae3a4cfdfdd1f2b222f3cc99b3c0179> Automatic update from google3 <https://chromium.googlesource.com/chromium/src.git/+/adce2c112ae3a4cfdfdd1f2b222f3cc99b3c0179> by CT Log list updates bot · 6 days ago 3. e88918b5 <https://chromium.googlesource.com/chromium/src.git/+/e88918b508d19a6434ef0e01790e04c391cf1935> Automatic update from google3 <https://chromium.googlesource.com/chromium/src.git/+/e88918b508d19a6434ef0e01790e04c391cf1935> by CT Log list updates bot · 7 days ago 4. 70c5ff7 <https://chromium.googlesource.com/chromium/src.git/+/70c5ff7005040b405ee6abb0af8db6d15ade9561> Automatic update from google3 <https://chromium.googlesource.com/chromium/src.git/+/70c5ff7005040b405ee6abb0af8db6d15ade9561> by CT Log list updates bot · 6 weeks ago 5. 8f37729 <https://chromium.googlesource.com/chromium/src.git/+/8f377296a7a0a23a007a9178465c0f276e45114d> Add OWNERS file to allow bot updates of root_store files. <https://chromium.googlesource.com/chromium/src.git/+/8f377296a7a0a23a007a9178465c0f276e45114d> by Hubert Chao · 7 weeks ago 6. 0eadd64 <https://chromium.googlesource.com/chromium/src.git/+/0eadd64b82cfd8455589b1076e114a1467f0f751> Keep all the certificates in the root store in a single file <https://chromium.googlesource.com/chromium/src.git/+/0eadd64b82cfd8455589b1076e114a1467f0f751> by David Benjamin · 7 weeks ago 7. c93e561 <https://chromium.googlesource.com/chromium/src.git/+/c93e561dfed48cc1b783da31d895c999ea645c30> Merge ev_store_tool and root_store_tool to use the same code gen tool, <https://chromium.googlesource.com/chromium/src.git/+/c93e561dfed48cc1b783da31d895c999ea645c30> by Hubert Chao · 3 months ago 8. e8de2ff <https://chromium.googlesource.com/chromium/src.git/+/e8de2ffc0a338aae082459f50cb4c0b3b993c5cd> root_store_tool: Write a depfile to avoid manually listing indirect dependencies <https://chromium.googlesource.com/chromium/src.git/+/e8de2ffc0a338aae082459f50cb4c0b3b993c5cd> by David Benjamin · 3 months ago 9. babf00e <https://chromium.googlesource.com/chromium/src.git/+/babf00e7c4f702bd3faac5741d2a6545b4377110> Remove 3 expired roots from chrome root store and 2 roots that are <https://chromium.googlesource.com/chromium/src.git/+/babf00e7c4f702bd3faac5741d2a6545b4377110> by Hubert Chao · 4 months ago 10. 02ed30b3 <https://chromium.googlesource.com/chromium/src.git/+/02ed30b3d019f90006a4cfb3961604b09f93a165> Adjust Chrome Root Store code generation tool to allow for relative paths to be handled correctly. <https://chromium.googlesource.com/chromium/src.git/+/02ed30b3d019f90006a4cfb3961604b09f93a165> by Hubert Chao · 7 months ago 11. 45ba98fa <https://chromium.googlesource.com/chromium/src.git/+/45ba98fa54bc776d80c63693d0dc615b3fa45e88> Fix chrome root store codegen for cross-compile builds. <https://chromium.googlesource.com/chromium/src.git/+/45ba98fa54bc776d80c63693d0dc615b3fa45e88> by Hubert Chao · 7 months ago 12. a98de1c6 <https://chromium.googlesource.com/chromium/src.git/+/a98de1c6b2e34feb941b7d81be25375fb41786da> Switch directory structure for Chrome Root Store data to be simpler, and change the root_store_tool to match. <https://chromium.googlesource.com/chromium/src.git/+/a98de1c6b2e34feb941b7d81be25375fb41786da> by Hubert Chao · 9 months ago 13. 7c39043 <https://chromium.googlesource.com/chromium/src.git/+/7c390438e040808f75fe5e16f9b4fad98385ed54> Add Chrome Trust Store to net/cert/internals, plumb it through to <https://chromium.googlesource.com/chromium/src.git/+/7c390438e040808f75fe5e16f9b4fad98385ed54> by Hubert Chao · 9 months ago 14. 14a7cc8 <https://chromium.googlesource.com/chromium/src.git/+/14a7cc85742483f071b7e3f9e6d45d1161d075e5> Add C++ include generation to root_store_tool, build-flag guarded. <https://chromium.googlesource.com/chromium/src.git/+/14a7cc85742483f071b7e3f9e6d45d1161d075e5> by Hubert Chao · 10 months ago 15. caa2438 <https://chromium.googlesource.com/chromium/src.git/+/caa2438f516fe141607e5f76dd10b03ccf2451e7> Chrome root store: PEM files and skeleton of codegen tool <https://chromium.googlesource.com/chromium/src.git/+/caa2438f516fe141607e5f76dd10b03ccf2451e7> by Hubert Chao · 10 months agoIt's a pity the recent changes adding/removing some certificates have the rather unuseful commit message: "Automatic update from google3".
It's looking a bit opaque from my point of view, especially when compared with Mozilla's root store updates.
https://g.co/chrome/root-policy doesn't gives any hint, but is there any public mailing list where CA addition/removal are discussed before being checked in google3 ?
Regards. -- Yann Droneaud OPTEYA -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/8c0ccf7f-1bde-21a4-d6c2-c110a50819e0%40opteya.com.
