Mozilla believes that the exemption for certificates under Staat der Nederlanden roots is justified, and it is in line with what other browsers are doing (which used different technical measures which made an exception unnecessary). We will be posting on the security blog soon with a fuller explanation of this. The comment in the source code is not the full story.
Gerv

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/838322

Title:
  Remove the exemptions for the Staat der Nederlanden root

Status in The Mozilla Firefox Browser: Fix Released
Status in “firefox” package in Ubuntu: Triaged
Status in “xulrunner-1.9.2” package in Ubuntu: Invalid
Status in “firefox” source package in Lucid: In Progress
Status in “xulrunner-1.9.2” source package in Lucid: In Progress
Status in “firefox” source package in Maverick: In Progress
Status in “xulrunner-1.9.2” source package in Maverick: In Progress
Status in “firefox” source package in Natty: In Progress
Status in “xulrunner-1.9.2” source package in Natty: Invalid
Status in “firefox” source package in Oneiric: Triaged
Status in “xulrunner-1.9.2” source package in Oneiric: Invalid

Bug description:
  Here's an updated blog post on the DigiNotar issue:
  http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/

  The Staat der Nederlanden roots have been removed as well now and we in Ubuntu will follow suit.