desktop-packages team mailing list archive

[Wan-Teh Chang <wtc@xxxxxxxxxx>]

Comment on attachment 557158
Patch (v1)

>     // By request of the Dutch government

I suggest this comment be reworded.  This comment
implies we yielded to government pressure.  I doubt
that's the case.

How about something like "Staat der Nederlanden Root CA
certified their subordinate DigiNotar CAs were good"?
If it turns out their subordinate DigiNotar CAs were
also attacked, then that'll be reason to remove the
trust for Staat der Nederlanden Root CA.

Similarly, we should ask each of the root CA that
has a subordinate DigiNotar CA to either certify
or revoke the subordinate DigiNotar CA.  This is a
good test for the trustworthiness of the root CAs.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/838322

Title:
  Remove the exemptions for the Staat der Nederlanden root

Status in The Mozilla Firefox Browser:
  Fix Released
Status in “firefox” package in Ubuntu:
  Triaged
Status in “xulrunner-1.9.2” package in Ubuntu:
  Invalid
Status in “firefox” source package in Lucid:
  In Progress
Status in “xulrunner-1.9.2” source package in Lucid:
  In Progress
Status in “firefox” source package in Maverick:
  In Progress
Status in “xulrunner-1.9.2” source package in Maverick:
  In Progress
Status in “firefox” source package in Natty:
  In Progress
Status in “xulrunner-1.9.2” source package in Natty:
  Invalid
Status in “firefox” source package in Oneiric:
  Triaged
Status in “xulrunner-1.9.2” source package in Oneiric:
  Invalid

Bug description:
  Here's an updated blog post on the DigiNotar issue:
  http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/

  The Staat der Nederlanden roots have been removed as well now and we
  in Ubuntu will follow suit.

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/838322/+subscriptions