On 23/02/16 20:05, Andrew Ayer wrote: > Multiple mistakes were made by Worldpay (using public roots, leaving > the transition to the last minute, and then forgetting to renew before > the sunset) and Symantec (failing to make sure their customer was > prepared).
I think it's unreasonable to blame Symantec for this; Worldpay were clearly aware of the deadline (or at least, part of the business was). > They had ample opportunity to avoid a crisis. It is not > Mozilla's responsibility to dig them out of the hole they have dug for > themselves, It is not our responsibility; on the other hand, the damage which may happen if we do not (i.e. if we refuse, Symantec will not issue to Worldpay, and it's Worldpay's merchant customers who will be unable to take payments) does not accrue to Worldpay but to others. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
