On Fri, Aug 05, 2016 at 09:44:58PM -0700, Ryan Sleevi wrote: > On Friday, August 5, 2016 at 4:32:52 PM UTC-7, Kathleen Wilson wrote: > > I am planning to have Salesforce automatically send the following email on > > the second and fourth Tuesday of each month to the Primary POC for each CA > > owner in the report, and have it CC the CA's email alias. > > Kathleen, > > This may be a separate discussion, but have you considered setting this list > as the TO: and having it BCC: the owners, for situations where you have CAs > not completing things in a timely manner / as expected? > > The downside to these automated emails is it that it's hard for the public to > know when CAs are having issues, such as non-compliance, short of > re-implementing the same checks using the Salesforce data that's publicly > available. By posting to this list (and I'm not sure if the Salesforce system > uses a fixed address or not; if not, it may be a bit harder to get it > automatically posted publicly), it has a better chance of being part of the > permanent record, so that in the future, others can understand what > historical issues there were with particular CAs, and how they were resolved. > > It also may help put appropriate public pressure to have the issue corrected > quickly, which seems like a net-win.
I guess the same could go for e-mails about reminders that their audit period is over and should put up a new audit report, at least if they're really late. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
