All,
I've modified the proposed change to MRSP section 3.2 so that it would now
insert a middle paragraph that would read:
"A Qualified Auditor MUST have relevant IT Security experience, or have
audited a number of CAs, and be independent and not conflicted. Individuals
have competence,
On Tue, 9 Feb 2021 14:29:15 -0700
Ben Wilson via dev-security-policy
wrote:
> All,
> GlobalSign has provided a very detailed incident report in Bugzilla -
> see https://bugzilla.mozilla.org/show_bug.cgi?id=1690807#c2.
> There are a few remaining questions that still need to be answered,
> so
Here is an edit to proposed subparagraph 11 of MRSP section 3.1.4:
The publicly-available documentation relating to each audit MUST contain at
least the following clearly-labelled information:
11. all incidents (as defined in section 2.4), including those reported in
Bugzilla, that were:
*
On Thu, Feb 11, 2021 at 1:11 PM Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I have a question (if I should write it in Bugzilla instead please say
> so it is unclear to me what the correct protocol is)
>
While Mozilla Policy permits discussion in both, I
All,
I am proposing for v. 2.7.1 a minor change that corrects a hyperlink issue
in MRSP section 8.
The link to "material change" here redirects to "alteration of instruments"
- https://legal-dictionary.thefreedictionary.com/Material+Changes, which is
altogether wrong since we're talking about a
5 matches
Mail list logo