Hi Xiaosheng,
On 14/10/16 16:06, 谭晓生 wrote:
> We’ll rewrite all the code with different programing language or buy
> 3rd party components (for example: PKI), Wosign team using .Net, but
> my team never use .Net, they are good at C/C++ and PHP, Python.
It would be great to be clear about what the plan in each case - whether
it's a "audit, check and review" of the existing codebase, or whether
it's a rewrite, or whether it's a 3rd party implementation.
The deadlines in the document are:
Website: Dec 31st 2016
CMS: Dec 31st 2016
PKI: Dec 1st 2016 (replace with StartCom version)
Feb 2017 (implement 3rd party)
OCSP/CRL: Dec 1st 2016
There are only six weeks between now and Dec 1st 2016. There is no way
your team, no matter how big or skilled it is, can safely and securely
write a new OCSP/CRL system in six weeks, and then finish a website and
a CMS four weeks after that. Even if Python is awesome ;-)
Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
