I'm merely a relying party and subscriber, but it seems quite unreasonable to believe that there is or should be any restriction upon a party to a business communication (which is what a report / complaint from a third party regarding key compromise, etc, is) from further dissemination of said communications.
It seems to me quite a stretch to suggest that the even the GDPR restrains such behavior. Are people seriously suggesting that a third party, with whom you have no NDA or agreement in place, may as much as email you and expect you to take action based upon said email AND expect that you be enjoined from as little as forwarding a copy of that email? That seems absurd. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
