Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

On Sat, Nov 7, 2020 at 9:21 AM Jeff Ward via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Sure Ryan, the answer is quite simple. When I used the word "public" in > my post, I should have been more clear as to the nuance of this concept. > Public reports by definition are

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

On Friday, November 6, 2020 at 1:13:43 PM UTC-6, Ryan Sleevi wrote: > On Fri, Nov 6, 2020 at 12:31 PM Jeff Ward via dev-security-policy < > dev-secur...@lists.mozilla.org> wrote: > > > Audit reports, whether for WebTrust, financial statements, or other forms > > of engagement reports providing

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

On Sat, Nov 7, 2020 at 4:52 AM Dimitris Zacharopoulos wrote: > > I will try to further explain my thoughts on this. As we all know, > according to Mozilla Policy "CAs MUST follow and be aware of discussions in > the mozilla.dev.security.policy >

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

I will try to further explain my thoughts on this. As we all know, according to Mozilla Policy "CAs MUST follow and be aware of discussions in the mozilla.dev.security.policy forum, where Mozilla's root program is coordinated". I