On 07/08/2017 18:07, Hanno Böck wrote:
On Mon, 7 Aug 2017 15:59:07 +0000
Ben Wilson via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
FWIW - In the case of Telecom Italia, they have a commercial CA
product has a bug in it that occasionally causes this issue. They
may need some time for the software to be fixed/replaced.
I'm more worried by this statement than by the actual bug.
If you're a CA and are not able to fix a bug in your product in a timely
manner then you probably shouldn't be a CA.
If you are a CA or serious CA software vendor, you should not install
non-essential patches without a very long and thorough testing process.
Since this is (at most) a formal violation and not a security problem,
it is better for the fix to go through many month of careful testing
than to rush it through.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
