Comment 1 for bug 1331914

As mentioned in bug #1461834, once this is possible it should be mandatory with a very short sunset period. There is executable code signed by these vulnerable keys.