by sleevi 1871 days ago
Example app: NuGet for .NET on Linux and macOS, from Microsoft: https://github.com/NuGet/Announcements/issues/56

It used SSL/TLS and S/MIME roots to verify code signing and timestamping responses. When Symantec, which was removed for TLS trust, was also removed for S/MIME, NuGet broke, because it was no longer able to verify the TSA signature.

As covered in https://github.com/NuGet/Home/issues/10504 , this then led some Linux distros, notably Debian/Ubuntu, to re-add Symantec.

Any application using the ca-certificates package thus ends up trusting CAs that Mozilla does not trust, despite being derived from the Mozilla Root Store.

So the news is already out there, this was just a reminder to folks to not do silly things like Microsoft did.
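
The purpose-scoping problem described in the comment above, as an added example that is not part of the original comment or of any project it mentions: it reads per-purpose trust bits from a constructed sample written in the style of Mozilla's `certdata.txt` and compares them with a purpose-agnostic bundle. The root labels are made up, and the "any root trusted for anything" bundle model is an assumption for illustration, not a description of a specific distro's tooling.

```python
import re

# Constructed sample in the style of Mozilla certdata.txt trust objects.
# Labels are invented; only the attribute names follow the real format.
SAMPLE = '''
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Web Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Legacy Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
'''

PURPOSES = {
    "CKA_TRUST_SERVER_AUTH": "tls",
    "CKA_TRUST_EMAIL_PROTECTION": "email",
    "CKA_TRUST_CODE_SIGNING": "codesign",
}

def parse_trust(text):
    """Return {label: set of purposes the root is a trust anchor for}."""
    roots, label = {}, None
    for line in text.splitlines():
        m = re.match(r'CKA_LABEL UTF8 "(.*)"', line.strip())
        if m:
            label = m.group(1)
            roots[label] = set()
            continue
        parts = line.split()
        # Only TRUSTED_DELEGATOR marks the root as an anchor for that purpose.
        if label and len(parts) == 3 and parts[0] in PURPOSES:
            if parts[2] == "CKT_NSS_TRUSTED_DELEGATOR":
                roots[label].add(PURPOSES[parts[0]])
    return roots

def anchors_for(roots, purpose):
    """Roots the store itself trusts for one purpose."""
    return sorted(name for name, p in roots.items() if purpose in p)

def flattened_bundle(roots):
    """Purpose-agnostic bundle: any root trusted for anything (assumed model)."""
    return sorted(name for name, p in roots.items() if p)

def over_trusted(roots, purpose):
    """Roots a bundle consumer accepts for `purpose` that the store does not."""
    return sorted(set(flattened_bundle(roots)) - set(anchors_for(roots, purpose)))
```

Running `over_trusted(parse_trust(SAMPLE), "tls")` lists the root that a TLS client reading the flat bundle would accept even though its server-auth bit is off, and the `"codesign"` case shows that every root in the bundle is over-trusted for a purpose the sample store grants to none of them.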