Hi Xiaosheng, On 14/10/16 16:06, 谭晓生 wrote: > We’ll rewrite all the code with different programing language or buy > 3rd party components (for example: PKI), Wosign team using .Net, but > my team never use .Net, they are good at C/C++ and PHP, Python.
It would be great to be clear about what the plan in each case - whether it's a "audit, check and review" of the existing codebase, or whether it's a rewrite, or whether it's a 3rd party implementation. The deadlines in the document are: Website: Dec 31st 2016 CMS: Dec 31st 2016 PKI: Dec 1st 2016 (replace with StartCom version) Feb 2017 (implement 3rd party) OCSP/CRL: Dec 1st 2016 There are only six weeks between now and Dec 1st 2016. There is no way your team, no matter how big or skilled it is, can safely and securely write a new OCSP/CRL system in six weeks, and then finish a website and a CMS four weeks after that. Even if Python is awesome ;-) Gerv _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy