On 2020-10-15 16:46, Rob Stradling wrote:
Hi Jacob. I don't believe that this list mandates any particular posting style
[https://en.wikipedia.org/wiki/Posting_style].
Although interleaved/inline posting is my preferred style, I'm stuck using
Outlook365 as my mail client these days. (Sadly, Thunderbird's usability
worsened dramatically for me after Sectigo moved corporate email to Office365 a
few years ago). So this is the situation I find myself in...
"This widespread policy in business communication made bottom and inline posting so
unknown among most users that some of the most popular email programs no longer support
the traditional posting style. For example, Microsoft Outlook, AOL, and Yahoo! make it
difficult or impossible to indicate which part of a message is the quoted original or do
not let users insert comments between parts of the original."
[https://en.wikipedia.org/wiki/Posting_style#Quoting_support_in_popular_mail_clients]
I realized that the problem was caused by broken client software, and
was pointing out than in this case, it had led to a specific lack of
clarity and was asking for clarification of what meaning was intended.
________________________________
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> on behalf
of Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org>
Sent: 12 October 2020 22:41
To: mozilla-dev-security-pol...@lists.mozilla.org
<mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Re: Sectigo to Be Acquired by GI Partners
Hi Rob,
The e-mail you quote below seems to be inadvertently "confirming" some
suspicions that someone else posed as questions. I think the group as a
whole would love to have actual specific answers to those original
questions.
Remember to always add an extra layer of ">" indents for each level of
message quoting, so as to not misattribute text.
On 2020-10-12 10:43, Rob Stradling wrote:
Hi Ryan. Tim Callan posted a reply to your questions last week, but his
message has not yet appeared on the list. Is it stuck in a moderation queue?
________________________________
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> on behalf
of Ryan Sleevi via dev-security-policy <dev-security-policy@lists.mozilla.org>
Sent: 03 October 2020 22:16
To: Ben Wilson <bwil...@mozilla.com>
Cc: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: Re: Sectigo to Be Acquired by GI Partners
In a recent incident report [1], a representative of Sectigo noted:
The carve out from Comodo Group was a tough time for us. We had twenty
years’ worth of completely intertwined systems that had to be disentangled
ASAP, a vast hairball of legacy code to deal with, and a skeleton crew of
employees that numbered well under half of what we needed to operate in any
reasonable fashion.
This referred to the previous split [2] of the Comodo CA business from the
rest of Comodo businesses, and rebranding as Sectigo.
In addition to the questions posted by Wayne, I think it'd be useful to
confirm:
1. Is it expected that there will be similar system and/or infrastructure
migrations as part of this? Sectigo's foresight of "no effect on its
operations" leaves it a bit ambiguous whether this is meant as "practical"
effect (e.g. requiring a change of CP/CS or effective policies) or whether
this is meant as no "operational" impact (e.g. things will change, but
there's no disruption anticipated). It'd be useful to frame this response
in terms of any anticipated changes at all (from mundane, like updating the
logos on the website, to significant, such as any procedure/equipment
changes), rather than observed effects.
2. Is there a risk that such an acquisition might further reduce the crew
of employees to an even smaller number? Perhaps not immediately, but over
time, say the next two years, such as "eliminating redundancies" or
"streamlining operations"? I recognize that there's an opportunity such an
acquisition might allow for greater investment and/or scale, and so don't
want to presume the negative, but it would be good to get a clear
commitment as to that, similar to other acquisitions in the past (e.g.
Symantec CA operations by DigiCert)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1648717#c21
[2]
https://groups.google.com/g/mozilla.dev.security.policy/c/AvGlsb4BAZo/m/p_qpnU9FBQAJ
On Thu, Oct 1, 2020 at 4:55 PM Ben Wilson via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
As announced previously by Rob Stradling, there is an agreement for
private investment firm GI Partners, out of San Francisco, CA, to acquire
Sectigo. Press release:
https://sectigo.com/resource-library/sectigo-to-be-acquired-by-gi-partners
.
I am treating this as a change of legal ownership covered by section 8.1
<
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#81-change-in-legal-ownership
of the Mozilla Root Store Policy, which states:
If the receiving or acquiring company is new to the Mozilla root program,
it must demonstrate compliance with the entirety of this policy and there
MUST be a public discussion regarding their admittance to the root
program,
which Mozilla must resolve with a positive conclusion in order for the
affected certificate(s) to remain in the root program.
In order to comply with policy, I hereby formally announce the commencement
of a 3-week discussion period for this change in legal ownership of Sectigo
by requesting thoughtful and constructive feedback from the community.
Sectigo has already stated that it foresees no effect on its operations due
to this ownership change, and I believe that the acquisition announced by
Sectigo and GI Partners is compliant with Mozilla policy.
Thanks,
Ben
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
