Please review this change to remove the GTE CyberTrust Global Root from the cacerts keystore. This root is expired and all certificates that chain back to this root have expired.

Note that retaining roots past their expiration date may make sense in some cases. For example, if we removed a root it could break signed code that had been previously timestamped. It may make sense to allow for a transition period for those apps to be signed and re-deployed using new certificates.

However, this is much less of a risk going forward. Applets have been deprecated since JDK 9 and WebStart apps are not supported as of (Oracle) JDK 11. These were the primary use cases for signed and timestamped code that I am aware of.

webrev: http://cr.openjdk.java.net/~mullan/webrevs/8195793/webrev.00/

Thanks,
Sean
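
An added example, not part of the original message or of the OpenJDK change it describes: a read-only audit that lists the trust anchors in a cacerts keystore whose validity period has already ended, which is the condition the message gives for removing this root. It assumes the JDK 9+ file layout (`lib/security/cacerts`) and the default `changeit` store password; the class name `ExpiredRoots` is hypothetical. It only reports, since an expired root may still be needed for previously timestamped signed code.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ExpiredRoots {

    // Returns "alias | subject | expired <notAfter>" for every trusted
    // certificate entry whose validity period ended before the given instant.
    static List<String> expiredRoots(KeyStore ks, Instant now) throws Exception {
        List<String> expired = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                continue; // skip private-key entries; only trust anchors matter here
            }
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                Instant notAfter = x509.getNotAfter().toInstant();
                if (notAfter.isBefore(now)) {
                    expired.add(alias + " | " + x509.getSubjectX500Principal().getName()
                            + " | expired " + notAfter);
                }
            }
        }
        Collections.sort(expired);
        return expired;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: JDK 9+ layout and the default "changeit" store password.
        File store = args.length > 0
                ? new File(args[0])
                : new File(System.getProperty("java.home"), "lib/security/cacerts");
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        // KeyStore.getInstance(File, char[]) (JDK 9+) detects JKS vs PKCS12.
        KeyStore ks = KeyStore.getInstance(store, password);
        List<String> expired = expiredRoots(ks, Instant.now());
        expired.forEach(System.out::println);
        System.out.println(expired.size() + " expired of " + ks.size() + " entries in " + store);
    }
}
```

Pass a keystore path and password as arguments to audit a store other than the running JDK's own.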
