Ian G wrote: > In 1.5 years in this forum, we have not even got Mozilla > to say in any frank sense that phishing is a problem ...
There hasn't been a big public announcement about it, but work has been done and it has been acknowledged years ago. Just look at the old bugs on spoofing and phishing. > let alone how to deal with it. We're still having discussions > on whether there is even a place or relevance to this level > of issue. Heikki has suggested that staff isn't ready for it > and to move it back to npm which implies that security > isn't ready for it either. .... And he's not wrong, coz the No, you misunderstood, but that's probably because I didn't make it clear why. This issue in my opinion has not reached a state where the staff needs to be involved. The only thing at this point might be an official statement from staff saying "yeah, phising is bad, we need to make it a priority to do something about it". The way I see the staff's role generally is to arbitrate where different developer groups have come to an impasse. One group says we need to do this, and some other group says we need to do this other incompatible thing and can't reach a consensus. The staff should then be brought in to decide. This is just my view, though, others might disagree. There are docs on mozilla.org that describe staff's role. > Wow, that was more of a rant that I intended. Oh > well, enjoy ! Well, I did not enjoy it. It actually annoyed me hugely and I almost skipped over this whole post because of it. Please, in the future, stay on topic and make your posts brief. -- Heikki Toivonen _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
