Fedora seems to be close to disabling some old CA's (with e.g. 1024 bit RSA keys etc.), see
https://fedoraproject.org/wiki/CA-Certificates
and
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/7BEOPFFBLCGDLUL4SIVTJG2YXX4OKRE6/
If there still are sites using certs with those CA's, there could be a check that checks whether they're still in use or not.
Fedora seems to be close to disabling some old CA's (with e.g. 1024 bit RSA keys etc.), see
https://fedoraproject.org/wiki/CA-Certificates
and
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/7BEOPFFBLCGDLUL4SIVTJG2YXX4OKRE6/
If there still are sites using certs with those CA's, there could be a check that checks whether they're still in use or not.