Hi Yann,
Our team continues to make preparations to launch the Chrome Root Store later this year. What you observe in the commit history is a set of changes that update the format and collection of initial root CAs targeted for inclusion in the Chrome Root Store, summarized below.
Recent updates:
removing CA certificates whose corresponding CA operator has requested their removal (described further in 1 and 2)
adding CA certificates for CAs that satisfy the criteria outlined in our existing policy
replacing existing CA certificates with the most recent versions (due to certificate modification)
Expect to see additional updates in the coming weeks and months as we prepare for launch.
To be clear, none of the removals you observed are distrust events.
Regarding your interest in increased transparency, we’re working to address your concern. But first, we’re focused on completing our engineering efforts related to the Chrome Certificate Verifier and the Chrome Root Store (observed above), finalizing updates to our policies, defining our application process, and integrating our program and corresponding root store with CCADB.
For any questions related to the Chrome Root Program in the meantime - please feel free to email us at chrome-ro...@google.com.
Thanks,
Ryan
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/8c0ccf7f-1bde-21a4-d6c2-c110a50819e0%40opteya.com.