On 26/10/16 22:02, Kathleen Wilson wrote: > I agree that I should add a section about that to > https://wiki.mozilla.org/CA:SalesforceCommunity I don't agree that it > needs to be resolved before reminding these particular CAs about > their overdue action items. If they fall into that category, then > they can respond to my email stating that.
But isn't there a field in Salesforce for "audit PDF URL" which they need to fill in? So we need to tell them what to write. Do we want them to leave it blank? Or put "not available"? Or something else? > Please see > https://wiki.mozilla.org/CA:SalesforceCommunity#CA_Community_in_Salesforce > and let me know if you still think we need to add a sentence to the > wiki page stating that CAs are expected to maintain this data on an > ongoing basis. Well, like I said, it should be obvious to anyone with half a brain but explicit is always clearer than implicit. Being explicit also allows us to set expectations about how quickly the info is updated after events, e.g. how soon must new intermediates be reported. > ~~ Subject: ACTION REQUIRED: Non-Disclosed > non-technically-constrained Intermediate Certs > > Dear Certification Authority, > > You are receiving this email because our records indicate Well, Rob Stradling's records indicate :-) We might instead say that "because we have become aware" Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy