Mozilla at least used to routinely get advanced notice of things like coordinated-embargo security issues, including those that affected publicly-traded entities, and managed to keep them appropriately private. Mozilla could be notified without it being via the MDSP channel, and in fact I believe that's exactly what happened with the Symantec events. I don't believe that it happened in this case, presumably because neither Entrust nor Sectigo believed that there was a material change to the relevant root operations of either, but rather simply a bulk migration of customers. (I agree with that position, for what little that's worth.)
Mike On Fri, Jan 31, 2025 at 3:00 PM Phillip Hallam-Baker <[email protected]> wrote: > One aspect of this discussion that is plain weird is the notion that a > group that holds public discussion on a subject can get any sort of advance > notice. > > Entrust is a public company with stock traded on US exchanges that must > therefore comply with US disclosure requirements. Entrust execs would be > going to jail if they allowed public announcements that didn't go through > the required processes. > > So perhaps a little less of the indignation about not being notified and > complaining about corporate speak? > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAMm%2BLwgzJL%3DF5QXpwynoZackdSiCiG5iiRRprg%2BwzMpvY5BrQg%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAMm%2BLwgzJL%3DF5QXpwynoZackdSiCiG5iiRRprg%2BwzMpvY5BrQg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqu7pNVsX2%2BPBzn1Pf-8OLoKcU5PDBDXEZ7%3DKqTsEzxxZw%40mail.gmail.com.
