I'm fine with that suggestion. On Fri, Feb 12, 2021 at 5:06 AM malcol...--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> On Thursday, 11 February 2021 at 21:14:13 UTC, Ben Wilson wrote: > > 11. all incidents (as defined in section 2.4), including those reported > in > > Bugzilla, that were: > > * disclosed by the CA or discovered by the auditor, and > > * unresolved at any time during the audit period; > > > > The idea is that all "incidents" must be reported if they were > "unresolved" > > - which would include those that occurred or were open - at any time > during > > the audit period. > > > > Wouldn't it be clearer to non-native English speakers to avoid the nuance > associated with "unresolved at any time" needing to imply both those that > occurred or those that were still open? > > Why not amend the language to just say: > > 11. all incidents (as defined in section 2.4), including those reported in > Bugzilla, that: > * were disclosed by the CA or discovered by the auditor, and > * occurred or were open at any time during the audit period; > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
