Hi Jakob, On 12/09/16 18:30, Jakob Bohm wrote: > Our current evidence seems to be an unfortunate mix of actual issues > (such as the github.io certificates), and semi-irrelevant smear, which > means we will need to separate the chaff from the wheat before Mozilla > has a good basis for any decisions.
If you mean the "evidence" in this newsgroup, your accusation might carry some weight, although you will note that I have tried to reduce the amount of "semi-irrelevant smear" by asking those writing such things to stop. If you mean the evidence listed at: https://wiki.mozilla.org/CA:WoSign_Issues then I reject that; I think everything on that list is a concern worth investigating. It may turn out to be that some of the concerns have reasonable explanations, in which case we should document those explanations and move on. But that doesn't mean it was wrong to be concerned in the first place. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
