Why share your opinions on this stuff on social media? What does it matter?

"Asking for a friend."

So we've done some testing, and it looks like this certificate needs to be removed from the root ca bundles of Ubuntu 16.04 and earlier, as well as Debian 9 and earlier, even if these hosts are otherwise up do date (including the root certificate bundle). We've gone head and rolled out a fix, but I guess consider this a heads up.

I mean, Debian 9 isn't that old.

Its relatively easy to test -- create a host using an older, affected distribution, set the time forward to, say, 6/1/2020, and run 'curl https://crt.sh/' . You should get a ceritifcate expired error

Why does it need to be removed? Shouldn't it just cleanly expire and be ignored?

Yes -- but on older linux distributions curl, etc continue to try to use it

Interesting, I would've expected them to ignore an expired cert in the chain if there is also a still valid one.

I guess I'm a little unclear on why anyone would bother engaging with shanley in the first place. Her twitter feed, while frequently entertaining, screams "professional bullshitter" pretty loudly. It's reasonable to assume that her primary motive is to drive traffic to her website. I suppose it's also possible that she's just a truly damaged person -- or maybe some combination of both.

Either way, it seems like there are better ways to expend your energies. In the end, outside her relatively small circle of fellow cottage-industrialist diversity activists, shanley is a pretty insignificant presence in the wider world of tech and likely to remain so for the foreseeable future.