Hello,

I think it was discussed on security-dev before but did not result in any action, as far as I understand it. Currently the „cacert“ file shipped with 8u upstream builds is a bit outdated. It contains multiple expired certificates and misses the latest additions.
Also, I noted there are multiple vendors struggling with this file. Since the later Java releases have a canonical source for that file with vetted licensing, it totally would make sense to refresh, i.e. backport the changes. Is there anything planned in that direction?

(An alternative would be to synchronize it with the Oracle SE version; this allows easier migration between the two packages. However, I am not sure if this is an option from the licensing side.)

Greetings
Bernd
--
http://bernd.eckenfels.net