Hi folks, Re: Symantec being distrusted, it looks like Mozilla is doing this without modifying certdata.txt, which we use as the basis for the mozilla-rootcerts package. While asking around, it looks like this is the list of rules they apply on top: https://wiki.mozilla.org/CA/Additional_Trust_Changes So, I can manually distrust Symantec, but what about the more complicated rules? I'm tempted to manually blacklist all the ones listed as having more complicated rules, but would hesitate to do it for ANSSI. Thoughts?