RFR [12]: 8195793: Remove GTE CyberTrust Global Root

Rajan Halade rajan.halade at oracle.com
Thu Oct 18 23:36:21 UTC 2018


Looks good to me!

Thanks,
Rajan

On 10/18/18 8:04 AM, Sean Mullan wrote:
> Please review this change to remove the GTE CyberTrust Global Root 
> from the cacerts keystore. This root is expired and all certificates 
> that chain back to this root have expired.
>
> Note that retaining roots past their expiration date may make sense in 
> some cases. For example, if we removed a root it could break signed 
> code that had been previously timestamped. It may make sense to allow 
> for a transition period for those apps to be signed and re-deployed 
> using new certificates.
>
> However, this is much less of a risk going forward. Applets have been 
> deprecated since JDK 9 and WebStart apps are not supported as of 
> (Oracle) JDK 11. These were the primary use cases for signed and 
> timestamped code that I am aware of.
>
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8195793/webrev.00/
>
> Thanks,
> Sean
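
An added example, not part of the original message or of the OpenJDK change: one way to audit a cacerts keystore for expired trust anchors such as the root removed here. The default path and the `changeit` password are assumptions about a stock JDK install, and the class name `ExpiredRoots` is hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.concurrent.TimeUnit;

public class ExpiredRoots {
    public static void main(String[] args) throws Exception {
        // Assumption: stock JDK layout; pass another keystore path as args[0].
        Path path = args.length > 0 ? Paths.get(args[0])
                : Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        // Assumption: the stock cacerts password; pass a different one as args[1].
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }

        Date now = new Date();
        int expired = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;      // trusted certs only
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            if (!x.getNotAfter().before(now)) continue;       // still within validity
            expired++;
            long days = TimeUnit.MILLISECONDS.toDays(now.getTime() - x.getNotAfter().getTime());
            // Subject equal to issuer marks a self-issued certificate, i.e. a root.
            boolean selfIssued = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
            System.out.printf("EXPIRED %s%n  subject=%s%n  notAfter=%s (%d days ago)%n  selfIssued=%b%n",
                    alias, x.getSubjectX500Principal().getName(), x.getNotAfter(), days, selfIssued);
        }
        System.out.printf("%d expired trust anchor(s) in %s%n", expired, path);
    }
}
```

An expired entry reported here is a candidate for removal only after checking whether previously timestamped signed code still depends on it, as the message above notes.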



