On 24/09/15 02:58, Peter Kurrasch wrote: > I suppose my comment was not as clear as I intended but, yes, I think > Mozilla's commitment to openness is a reason to keep the code sign bit > and continue to review CA inclusion requests for their code signing > roots. I'm not aware of another organization who is in a similar > position as Mozilla with a similar commitment to openness who could > carry this work forward if the decision is made to remove the code > signing trust bit.
But that argument carries very little weight if no-one actually pays attention to our code-signing trust bit. Does anyone? If it's not useful to anyone, why keep it? Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
