> The only thing that's holding me back in updating the Qt certificates is
> to
> decide whether keeping expired certificates is a good thing.
>
> There are 81 certificates in Qt's bundle. One of them is repeated, so 80
> are
> unique.
>
> However, from those 80, 8 have expired already.
>
> Of the 72 non-expired, unique certificates in Qt, 48 are *not* in the
> Firefox
> certificate store.

That's worriesome. What sort of validation did those CAs undergo?