Hello,

On Saturday, 1 October 2016 11:02:21 UTC+2, Stefan Paletta wrote:
[...]
> I have one question about the proposal: what is the rationale and
> justification for the one-year minimum distrust? While this seems quite
> reasonable at first glance, my thinking is this: clearly, the proposed
> extensive audit must be deemed sufficient to allow for re-qualification a
> year from now (because otherwise you would not be proposing it). Then why
> would such an extensive audit not be sufficient when executed right now? In
> other words: what does the addition of simply waiting for a year change about
> admissibility to the Mozilla roots?

The auditor doesn't predict the future. The auditor can only audit what was made in the past. I consider the Mozilla investigation to be an audit, and the findings are really bad. Another extensive audit performed right now can't possibly give a different result.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy