Hi Wayne. We are not currently planning any changes to our CP/CPS as a result of this change of control.
________________________________ From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> on behalf of Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> Sent: 02 October 2020 01:32 To: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: Sectigo to Be Acquired by GI Partners CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Rob: what, if any, changes will be made to the Sectigo CP/CPS as a result of this change of control? Thanks, Wayne On Thu, Oct 1, 2020 at 1:55 PM Ben Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > As announced previously by Rob Stradling, there is an agreement for > private investment firm GI Partners, out of San Francisco, CA, to acquire > Sectigo. Press release: > https://sectigo.com/resource-library/sectigo-to-be-acquired-by-gi-partners > . > > > I am treating this as a change of legal ownership covered by section 8.1 > < > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#81-change-in-legal-ownership > > > of the Mozilla Root Store Policy, which states: > > > If the receiving or acquiring company is new to the Mozilla root program, > > it must demonstrate compliance with the entirety of this policy and there > > MUST be a public discussion regarding their admittance to the root > program, > > which Mozilla must resolve with a positive conclusion in order for the > > affected certificate(s) to remain in the root program. > > In order to comply with policy, I hereby formally announce the commencement > of a 3-week discussion period for this change in legal ownership of Sectigo > by requesting thoughtful and constructive feedback from the community. > > Sectigo has already stated that it foresees no effect on its operations due > to this ownership change, and I believe that the acquisition announced by > Sectigo and GI Partners is compliant with Mozilla policy. > > Thanks, > > Ben > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
