cacerts bundled with OpenJDK

Henri Gomez henri.gomez at
Fri Jun 1 07:20:44 UTC 2012

> Disclaimer that I haven't read the thread to which you're referring.
> I think a key difference between Mozilla and OpenJDK is that Mozilla
> distributes packaged products to end users whereas OpenJDK is a
> collaboration of platform providers at the source code level.  Whereas
> cacerts are fundamentally a packaged product thing, and not entirely
> necessary, and fundamentally tied to whoever is distributing the binary, I
> don't think it would or should apply.  Whereas Mozilla is shipping product
> almost exclusively to end users in the form of Firefox, Thunderbird, etc,
> then I can understand why they would maintain certs with the products.


Providing a default cacerts in OpenJDK with a set of well-known ROOT
CAs would help packagers avoiding duplicate works on all

I guess there is some packagers here, at least Andrew Hughes, what do
you think about this ?

More information about the discuss mailing list