On Wed, 2014-09-17 at 14:16 +0200, Kai Engert wrote:
I think it's good that we have started experimenting with these removals in the testing areas of Fedora, because it raises awareness of these issues, and hopefully can bring higher priority to getting OpenSSL and GnuTLS enhanced.
But given the heavy complaints, maybe it's necessary that we delay shipping the upstream removals into stable Fedora a little longer, until we have a better solution (either by having OpenSSL/GnuTLS enhanced,
Sounds good. Thanks for taking this issue seriously!
or maybe by implementing a way that enables users/admins to re-enable legacy CA certificates).
For the purposes of Fedora Workstation, no user intervention should be required.
Michael