As we're hating on Dell for bundling a CA as root, don't forget that @debian adds themselves as a CA as well.
http://anonscm.debian.org/cgit/collab-maint/ca-certificates.git/tree/debian/README.Debian …
@sleevi_ That's a silver lining, but the situation is still absurd. They also trust CAcert and several CAs with lapsed audits. :-(
@__agwa Yes. Unfortunately, @debian and @debian_security don't treat CA updates as critical security updates like other OS vendors do.
@__agwa @debian @debian_security As a result, the Linux ecosystem as a whole is held back to a lower security standard (c.f. SHA-1 as well)
@__agwa @sleevi_ CAcert was actually removed last year: https://tracker.debian.org/news/149435
@martinkrafft @__agwa Anything removed from NSS/Mozilla trust store since oldstable was removed for audit or security reasons.
@martinkrafft @__agwa Mozilla dev.security.policy and the HG logs explain each of the removals. Not removing from stable = :(
@__agwa I still run a Debian 5 server that trusts DigiNotar. #YOLOcrypto