El martes, 19 de enero de 2021 a las 0:49:42 UTC+1, Matt Palmer escribió: > On Sun, Jan 17, 2021 at 12:51:29AM -0800, Ramiro Muñoz via > dev-security-policy wrote: > > We don’t ask the community to disregard the data, on the contrary we ask > > the community to analyze the data thoroughly including the impacts > > produced. > OK, I'll bite. As a member of the community, I've analyzed the data > thoroughly, and I'm not impressed. Camerfirma does not appear to grasp the > fact that "nothing bad has happened yet" is a *bad take*. "Nothing bad has > happened yet" is how every CA starts its life. It is not something to be > proud of, it's the absolute bare minimum. The volume of incidents that > Camerfirma has had is troubling, but it's the repetition of the nature of > the incidents, and the lacklustre way in which they have been responded to, > that causes me to think that Camerfirma has no place in the Mozilla trust > store. > > - Matt
Dear Matt, Thanks for your input, we really appreciate your time in contributing to this discussion. We are trying to make this discussion as objective as possible, and talking about objectivity I’d like to ask you where does the ‘bare minimum’ threshold stands according to Mozilla Root Store Policy. And why you are positioning Camerfirma below such a ‘bare minimum’ bar considering that Camerfirma, according to the public data, is not the member with the highest number of incidents nor the member with the most severe ones. Finally, I’d like to ask you, based on which article of Mozilla Root Store Policy, you are sentencing a removal from the Mozilla store. Again we appreciate your time and input in contributing to this discussion. -Ramiro _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
