>Just to make it clear, when I mentioned Java8u91 as an example I meant for >the time when lets say Java8u81 was latest at that moment. In that case >when using the built in JVM store you would encounter failed connections to >servers with G2 signed certificates. Then as you said you would need to >import it into the JVM store by yourself or wait for the next Java release >that would include it by default i.e. Java8u91
I understand your meanings, but I wonder if the release interval of the "CA-Certs Distro package" is shorter than that from Java and first of all if it's likely that one will use a certificate chained with a "brand-new" CA that's not in the common trust stores :)
