On Sun, Oct 09, 2016 at 08:47:59AM -0700, Peter Bowen wrote: > I think the proposal from 360 to operate WoSign and StartCom as > separate subsidiaries is interesting and something that is well worth > reviewing if/when they apply to rejoin the program. However that does > not change the past. WoSign and StartCom were, at least as of a month > ago, under common control with WoSign owning and directing operations > of StartCom. Therefore I think they must be treated as one when > reviewing what actions to take as a result of their past behavior.
This is my stance, too. StartCom and WoSign have shared, and currently share, technical, administrative, and management functions. If their operations are, in the future, functionally separated, then they can be considered for reinclusion separately. However, for the purposes of what to do about them over *past* actions, when they were a single operational entity, their actions should be considered as such. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
