On 10/4/2015 5:18 AM, [email protected] wrote:
As to whether or not to remove the trust bits for code signing and email, I
guess I would ask: Why did Mozilla include/create the trust bits in the first
place? Was it only to support Mozilla applications like Thunderbird? Or was
it to serve as a public resource, beyond Mozilla applications?
If the former, and if Mozilla no longer has any code signing or email
certificate dependent applications, then I suppose you can drop the trust bits.
You seem to be implying that Thunderbird is no longer a Mozilla
application. Where do you get this idea? Thunderbird is very much an
active Mozilla application. As far as I understand it, we are still the
#2 Mozilla application in terms of number of users. Do users matter?
We have many active volunteers who thought they were Mozillians. Are
volunteer Mozillians irrelevant? Are we no longer "One Mozilla"?
Mozilla is quite confused these days about who they are. Is Mozilla just
the MoCo Firefox business, earning search revenue to pay good salaries
to managers, staff, and other insiders? Or is it the Mozilla Foundation
with all of its lofty goals?
If Mozilla is just the Firefox business, then why do we care about
things like radical participation? What right do we have to expect
people to volunteer and radically participate in just some business? The
Mozilla I thought I was part of was more than just a money making
machine that makes so-called "business decisions".
I just got a widely-distributed email from Mark Surman entitled, "Stand
up for strong security". In that, he said:
"Encryption turns private information like emails and credit card
information into garbled letters and numbers so that only authorized
people can translate the messages back to their original form."
How can the Mozilla Foundation be talking about the importance of email
encryption, when we are here talking about removing the email
code-signing bit which is a critical contribution that Mozilla is
currently making toward encryption, and is critical to the primary
application that Mozilla has that promotes email encryption?
OK m.d.s.policy, "stand up for strong security" and quit talking about
deprecating the email signing bit! If it's not working as well as you
would like, then "stand up for strong security" and let's work together
to get it fixed.
R. Kent James
Chair, Thunderbird Council
@rkentjames
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
