|
Kai Engert |
40d3667 |
# The upstream Mozilla.org project tests all changes to the root CA
|
|
Kai Engert |
40d3667 |
# list with the NSS (Network Security Services) library.
|
|
Kai Engert |
40d3667 |
#
|
|
Kai Engert |
40d3667 |
# Occassionally, changes might cause compatibility issues with
|
|
Kai Engert |
40d3667 |
# other cryptographic libraries, such as openssl or gnutls.
|
|
Kai Engert |
40d3667 |
#
|
|
Kai Engert |
40d3667 |
# The package maintainers of the CA certificates package might decide
|
|
Kai Engert |
40d3667 |
# to temporarily keep certain (legacy) root CA certificates trusted,
|
|
Kai Engert |
40d3667 |
# until incompatibility issues can be resolved.
|
|
Kai Engert |
40d3667 |
#
|
|
Kai Engert |
40d3667 |
# Using this configuration file it is possible to opt-out of the
|
|
Kai Engert |
40d3667 |
# compatibility choices made by the package maintainer.
|
|
Kai Engert |
40d3667 |
#
|
|
Kai Engert |
40d3667 |
# legacy=default :
|
|
Kai Engert |
40d3667 |
# This configuration uses the choices made by the package maintainer.
|
|
Kai Engert |
40d3667 |
# It may keep root CA certificate as trusted, which the upstream
|
|
Kai Engert |
40d3667 |
# Mozilla.org project has already marked as no longer trusted.
|
|
Kai Engert |
40d3667 |
# The set of CA certificates that are being kept enabled may change
|
|
Kai Engert |
40d3667 |
# between package versions.
|
|
Kai Engert |
e24bfeb |
#
|
|
Kai Engert |
e24bfeb |
# legacy=disable :
|
|
Kai Engert |
40d3667 |
# Follow all removal decisions made by Mozilla.org
|
|
Kai Engert |
e24bfeb |
#
|
|
Kai Engert |
40d3667 |
legacy=default
|