On 17/01/17 23:27, Jakob Bohm wrote: > Notes on the text in that branched section (other than the actual > change discussed here): > > - It does not include some other changes under discussion (such as the > new version of the BRs). This may need to be manually reapplied after > merging in the movement of text from the inclusion to the audit > section.
The magic of git :-) > - There is no clause that can formally cover the recent decision by > Mozilla to disqualify a specific auditor in Hong Kong. E.g. something > along the lines that Mozilla may publicly announce at /url/ that > certain parties that match these criteria will not be trusted for > reasons there stated. Inclusion policy bullet 16, together with bullets 13 and 14, together make it clear that the decision about whether to accept audits from a particular auditor rests with Mozilla. > - There is no set of non-ETSI audit criteria for e-mail certificates as > trusted by Mozilla Thunderbird. Do you have some to propose? Although I'm not sure it's in scope for this particular issue. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy