Confirm, administrator
5,526
edits
Changes
m
updated links
The decisions Mozilla makes with regards to the inclusion or exclusion of CA certificates in its root store are directly tied to the capabilities and behaviours of the software Mozilla distributes. Sometimes, a security change is made wholly or partly in the software instead of the root store. Further, Mozilla does not promise to take into account the needs of other users of its root store when making such decisions.
Therefore, anyone considering bundling Mozilla's root store with other software needs to be aware of the issues surrounding providing a root store, and committed to making sure that they maintain security for their users by carefully observing Mozilla's actions and taking appropriate steps of their own. On a best-efforts basis, Mozilla maintains [[CA:Root_Store_Trust_Mods/Additional_Trust_Changes|a list]] of the additional things users of our store might need to consider.
For additional context see the [https://groups.google.com/d/msg/mozilla.dev.security.policy/FYIBEF_AVMI/2KYQrWirsiQJ discussion in mozilla.dev.security policy].
