desktop-packages team mailing list archive

[Eddy-nigg <838322@xxxxxxxxxxxxxxxxxx>]

(In reply to Wan-Teh Chang from comment #14)
> How about something like "Staat der Nederlanden Root CA
> certified their subordinate DigiNotar CAs were good"?

Sshhh, but does that really matter? This is effectively and right now
used as revolving door by DigiNotar. I suggest to A) review this
decision, B) check your procedures for such incidences, C) perhaps
consult with the Mozilla CA Policy.

It does look very bad in my opinion and it appears to contradict the
decision to remove this root.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/838322

Title:
  Remove the exemptions for the Staat der Nederlanden root

Status in The Mozilla Firefox Browser:
  Fix Released
Status in “firefox” package in Ubuntu:
  Triaged
Status in “xulrunner-1.9.2” package in Ubuntu:
  Invalid
Status in “firefox” source package in Lucid:
  In Progress
Status in “xulrunner-1.9.2” source package in Lucid:
  In Progress
Status in “firefox” source package in Maverick:
  In Progress
Status in “xulrunner-1.9.2” source package in Maverick:
  In Progress
Status in “firefox” source package in Natty:
  In Progress
Status in “xulrunner-1.9.2” source package in Natty:
  Invalid
Status in “firefox” source package in Oneiric:
  Triaged
Status in “xulrunner-1.9.2” source package in Oneiric:
  Invalid

Bug description:
  Here's an updated blog post on the DigiNotar issue:
  http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/

  The Staat der Nederlanden roots have been removed as well now and we
  in Ubuntu will follow suit.

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/838322/+subscriptions