Re: Symantec: Draft Proposal

[Eric Mill via dev-security-policy]

On Sun, May 7, 2017 at 6:09 PM, Rick Andrews via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> I'm posting this on behalf of Symantec:
>
> We would like to update the community about our ongoing dialogue with
> Google.
>
> Following our May 4th post, senior executives at Google and Symantec
> established a new dialogue with the intention to arrive at a new proposal
> for the community that addresses the substantial customer impact that would
> result from prior proposals. We urge Symantec customers and the browser
> community to pause on decisions related to this matter until final
> proposals are posted and accepted.


This call for the browser community to not make any decisions until Google
and Symantec finalize and accept a proposal completely marginalizes and
ignores both Mozilla and the broader web community.

The "new dialogue" part also comes across as having gone over Ryan's head.
This is unfortunately consistent with Symantec's latest blog post, which
unprofessionally referred to proposals by "Mr. Sleevi" and "Mr. Markham".
These statements personalize the issue and marginalize the proposals by
casting them as individual opinions and not the views of their
organization. They also reinforce the perception that Symantec sees their
situation as the product of an unreasonable person or two and not the
result of their own errors.

This list just spent the last two weeks focused on a large host of issues,
curated by Mozilla on their wiki and discussed by the broader community
here. So far, all Symantec has done to publicly respond to those is to send
a single email per-issue, and then not otherwise participate in the
discussion beyond blog posts.

Posting a call to Mozilla's community list asking for Mozilla and its
community to pause while Symantec gets on the phone with senior Google
executives to work it all out is a baffling tactic. I hope Mozilla
continues to assert its stake in this process.

-- Eric

The intent of both Google and Symantec is to arrive at a proposal that
> improves security while minimizing business disruption across the community.
>
> We want to reassure the community that we are taking these matters and the
> impact on the community very seriously.
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Symantec: Draft Proposal

[Kurt Roeckx via dev-security-policy]

On Sun, May 07, 2017 at 03:09:10PM -0700, Rick Andrews via dev-security-policy 
wrote:
> We urge Symantec customers and the browser community to pause on decisions 
> related to this matter until final proposals are posted and accepted.

You appear to be saying that Mozilla doesn't have anything to say
anymore and that it's just between Symantec and Google and that
Mozilla and the rest of the community would just have to agree with
that.

I'm in no way speaking for Mozilla, but that looks like unacceptable
to me. I suggest that if you have a proposal that you post it to
this list, or that Google posts it to their list, before it's
accepted.


Kurt

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy