I'd just like to add or reinforce a few points based on my approach to
managing open incident bugs:
* I have leaned heavily to the side of leaving bugs open if there is the
potential for additional questions, and always if there are any incomplete
remediations. This means that bugs do tend to
On Thu, Dec 17, 2020 at 10:32 AM Aaron Gable via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> One potential option (5) would be to go even further than (2), and remove
> the OCSP paragraph from the MRSP§6 entirely. Given that MRSP§2.3 says "CA
> operations relating to
On Sat, Dec 19, 2020 at 1:03 AM Ramiro Muñoz via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi Ben, Ryan, Burton and all:
>
> Camerfirma will present its claims based on a description of the problems
> found by associating the references to the specific bugs.
> After
Ben,
Here are my thoughts:
- First off, we have given Camerfirma the benefit of the doubt for too long
and Mozilla can't continue to trust Camerfirma while they remediate these
problems. With all the documented issues and Camerfirma's response, that
would represent an unacceptable ongoing risk
601 - 604 of 604 matches
Mail list logo
