Delete or DistrustA distrusted CA will stay distrusted, even if you install a new Firefox, so it's actually stronger than "deleting" would be.
Those certificates are compiled into the NSS library binary, for no other reason than to make them difficult for users not to trust
-- I suspect that the real reason is simply that NSS is an ancient piece of s...oftware.
Well why else would they do that? Literally every other piece of software, older and newer than Netscape Navigator, uses a separate file/directory for its list of root certificate authorities. Netscape pulled all sorts of shenanigans to try and screw with people. I still think CORBA is a plot by the lizard people to make web browsers impossible to understand.
Well why else would they do that?My guess would be that it was just easier to do it this way -- otherwise they would have had to implement a parser for cert-files, and reading PEM- or DER-encoded stuff is simply painful. There was a article by iirc jwz where he described the work environment they had to endure while coding the SSL-support (can't find it right now), which leads me to apply Hanlon's razor.
I still think CORBA is a plot by the lizard people to make web browsers impossible to understand.Oh, this is of course true. Real humans would never come up with that :)