On 2019-02-04 21:33, Kathleen Wilson wrote:
All,
As you know, CCADB sends audit reminder emails regarding root certs in
Mozilla's program on the 3rd Tuesday of each month.
We are going to update the date checks for determining when the email
gets sent, so that rather than keying off of the Audit Statement Date,
the check will key off of the Audit Period End date.
I will appreciate input on what the date ranges should be.
Here's the current logic with just the change to use Audit Period End Date.
1) If
(1 year - 30 days) < Audit Period End Date <= (1 year + 120 days)
Send Courtesy Audit Reminder
https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template
So it would mail this every month, possible for 5 months. I think that's
fine.
I think it should stop at + 90 days, because it's the overdue.
2) If
(1 year + 120 days) < Audit Period End Date <= (1 year + 240 days)
Send Overdue Audit Reminder
https://wiki.mozilla.org/CA/Email_templates#Overdue_Audit_Statement_Email_Template
I think 240 days (8 months) is a rather long period to just say it's
overdue. I suggest lowering that to 150 days or 180 days.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
