On Thursday, 11 February 2021 at 21:14:13 UTC, Ben Wilson wrote: > 11. all incidents (as defined in section 2.4), including those reported in > Bugzilla, that were: > * disclosed by the CA or discovered by the auditor, and > * unresolved at any time during the audit period; > > The idea is that all "incidents" must be reported if they were "unresolved" > - which would include those that occurred or were open - at any time during > the audit period. >
Wouldn't it be clearer to non-native English speakers to avoid the nuance associated with "unresolved at any time" needing to imply both those that occurred or those that were still open? Why not amend the language to just say: 11. all incidents (as defined in section 2.4), including those reported in Bugzilla, that: * were disclosed by the CA or discovered by the auditor, and * occurred or were open at any time during the audit period; _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy