Hi Jacob. I don't believe that this list mandates any particular posting style [https://en.wikipedia.org/wiki/Posting_style].
Although interleaved/inline posting is my preferred style, I'm stuck using Outlook365 as my mail client these days. (Sadly, Thunderbird's usability worsened dramatically for me after Sectigo moved corporate email to Office365 a few years ago). So this is the situation I find myself in... "This widespread policy in business communication made bottom and inline posting so unknown among most users that some of the most popular email programs no longer support the traditional posting style. For example, Microsoft Outlook, AOL, and Yahoo! make it difficult or impossible to indicate which part of a message is the quoted original or do not let users insert comments between parts of the original." [https://en.wikipedia.org/wiki/Posting_style#Quoting_support_in_popular_mail_clients] ________________________________ From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> on behalf of Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> Sent: 12 October 2020 22:41 To: mozilla-dev-security-pol...@lists.mozilla.org <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: Sectigo to Be Acquired by GI Partners Hi Rob, The e-mail you quote below seems to be inadvertently "confirming" some suspicions that someone else posed as questions. I think the group as a whole would love to have actual specific answers to those original questions. Remember to always add an extra layer of ">" indents for each level of message quoting, so as to not misattribute text. On 2020-10-12 10:43, Rob Stradling wrote: > Hi Ryan. Tim Callan posted a reply to your questions last week, but his > message has not yet appeared on the list. Is it stuck in a moderation queue? > > ________________________________ > From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> on > behalf of Ryan Sleevi via dev-security-policy > <dev-security-policy@lists.mozilla.org> > Sent: 03 October 2020 22:16 > To: Ben Wilson <bwil...@mozilla.com> > Cc: mozilla-dev-security-policy > <mozilla-dev-security-pol...@lists.mozilla.org> > Subject: Re: Sectigo to Be Acquired by GI Partners > > > In a recent incident report [1], a representative of Sectigo noted: > > The carve out from Comodo Group was a tough time for us. We had twenty >> years’ worth of completely intertwined systems that had to be disentangled >> ASAP, a vast hairball of legacy code to deal with, and a skeleton crew of >> employees that numbered well under half of what we needed to operate in any >> reasonable fashion. > > > This referred to the previous split [2] of the Comodo CA business from the > rest of Comodo businesses, and rebranding as Sectigo. > > In addition to the questions posted by Wayne, I think it'd be useful to > confirm: > > 1. Is it expected that there will be similar system and/or infrastructure > migrations as part of this? Sectigo's foresight of "no effect on its > operations" leaves it a bit ambiguous whether this is meant as "practical" > effect (e.g. requiring a change of CP/CS or effective policies) or whether > this is meant as no "operational" impact (e.g. things will change, but > there's no disruption anticipated). It'd be useful to frame this response > in terms of any anticipated changes at all (from mundane, like updating the > logos on the website, to significant, such as any procedure/equipment > changes), rather than observed effects. > > 2. Is there a risk that such an acquisition might further reduce the crew > of employees to an even smaller number? Perhaps not immediately, but over > time, say the next two years, such as "eliminating redundancies" or > "streamlining operations"? I recognize that there's an opportunity such an > acquisition might allow for greater investment and/or scale, and so don't > want to presume the negative, but it would be good to get a clear > commitment as to that, similar to other acquisitions in the past (e.g. > Symantec CA operations by DigiCert) > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1648717#c21 > [2] > https://groups.google.com/g/mozilla.dev.security.policy/c/AvGlsb4BAZo/m/p_qpnU9FBQAJ > > On Thu, Oct 1, 2020 at 4:55 PM Ben Wilson via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> As announced previously by Rob Stradling, there is an agreement for >> private investment firm GI Partners, out of San Francisco, CA, to acquire >> Sectigo. Press release: >> https://sectigo.com/resource-library/sectigo-to-be-acquired-by-gi-partners >> . >> >> >> I am treating this as a change of legal ownership covered by section 8.1 >> < >> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#81-change-in-legal-ownership >>> >> of the Mozilla Root Store Policy, which states: >> >>> If the receiving or acquiring company is new to the Mozilla root program, >>> it must demonstrate compliance with the entirety of this policy and there >>> MUST be a public discussion regarding their admittance to the root >> program, >>> which Mozilla must resolve with a positive conclusion in order for the >>> affected certificate(s) to remain in the root program. >> >> In order to comply with policy, I hereby formally announce the commencement >> of a 3-week discussion period for this change in legal ownership of Sectigo >> by requesting thoughtful and constructive feedback from the community. >> >> Sectigo has already stated that it foresees no effect on its operations due >> to this ownership change, and I believe that the acquisition announced by >> Sectigo and GI Partners is compliant with Mozilla policy. >> >> Thanks, >> >> Ben >> _______________________________________________ >> dev-security-policy mailing list >> dev-security-policy@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-security-policy >> > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
