Hi all, The Mozilla root store policy has not been updated since July 2013 - 3.5 years ago. We are now on the verge of shipping version 2.3, which contains some edits which have been pending for more than a year, agreed during the last period of policy update activity. That version will be applicable immediately. The goal of version 2.4 is to do any updates which are either urgent, or relatively uncontroversial and self-contained, so we can ship another version soon which deals with much of the backlog and out-of-dateness. This will hopefully give us the breathing space to look at the tougher and more widely-scoped issues over a longer timescale.
Therefore, further to the process outlined here: https://wiki.mozilla.org/CA:CertPolicyUpdates I want to kick off some discussions about changes which potentially might make it into the next version of our root store policy, version 2.4 - i.e. ones which are currently triaged as targetting 2.4. If a particular update balloons into a complex discussion, we may decide to postpone it. Here is policy version 2.3, the base version we will be working from: https://github.com/mozilla/pkipolicy/blob/2.3/rootstore/policy.md Policy update proposals are now tracked in Github. Those proposals _not_ currently targetted at 2.4 are here: https://github.com/mozilla/pkipolicy/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20no%3Amilestone If you think any of them should be targetted at 2.4, please make the case in the thread attached to this message. Remember to explain how the change is either "urgent" or "relatively uncontroversial and self-contained". I will start new individual message threads for the update proposals which are currently targetted for 2.4, on a staggered basis. The full list of those is here: https://github.com/mozilla/pkipolicy/issues?q=is%3Aopen+is%3Aissue+milestone%3A2.4 There are currently 17 of them. Let's try and keep discussion on the mailing list, and put the results back in Github, and see how that goes as a work mode. We will be operating on a "silence is consent" model - if there is no discussion of or dissent against a change and I think it's a good idea, it's going in. Mozilla employee interactions may be reduced a little bit next week as it's the Mozilla 6-monthly get-together. But hopefully they will pick up after that, and beyond Christmas. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy