Bug 1472933

Summary: RHEL 7: Update ca-certificates to remove code signing trust from all CAs (upstream decision)
Product: Red Hat Enterprise Linux 7 Reporter: Kai Engert (:kaie) (inactive account) <kengert>
Component: ca-certificatesAssignee: Kai Engert (:kaie) (inactive account) <kengert>
Status: CLOSED ERRATA QA Contact: Hubert Kario <hkario>
Severity: unspecified Docs Contact: Mirek Jahoda <mjahoda>
Priority: unspecified    
Version: 7.5CC: mjahoda, szidek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ca-certificates-2017.2.16-71.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 13:56:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kai Engert (:kaie) (inactive account) 2017-07-19 15:50:51 UTC 
Mozilla has stopped supporting code signing trust, and the next update will remove all the trust bits related to code signing.

(Only the TLS/server trust and email security bits will remain.)

We should make this change in the next y-stream release.
Comment 3 Kai Engert (:kaie) (inactive account) 2017-09-26 14:47:24 UTC 
http://pkgs.devel.redhat.com/cgit/rpms/ca-certificates/commit/?h=rhel-7.5&id=98a2f9ddc473bb65b85403f570846d9b8ac53d5f
Comment 8 errata-xmlrpc 2018-04-10 13:56:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0804