在 2016年10月14日星期五 UTC+8下午11:23:10，Gervase Markham写道：
> Hi Xiaosheng,
> On 14/10/16 16:06, 谭晓生 wrote:
> > We’ll rewrite all the code with different programing language or buy
> > 3rd party components (for example: PKI), Wosign team using .Net, but
> > my team never use .Net, they are good at C/C++ and PHP, Python.
> It would be great to be clear about what the plan in each case - whether
> it's a "audit, check and review" of the existing codebase, or whether
> it's a rewrite, or whether it's a 3rd party implementation.
> The deadlines in the document are:
> Website: Dec 31st 2016
> CMS: Dec 31st 2016
> PKI: Dec 1st 2016 (replace with StartCom version)
> Feb 2017 (implement 3rd party)
> OCSP/CRL: Dec 1st 2016
> There are only six weeks between now and Dec 1st 2016. There is no way
> your team, no matter how big or skilled it is, can safely and securely
> write a new OCSP/CRL system in six weeks, and then finish a website and
> a CMS four weeks after that. Even if Python is awesome ;-)
There's no any open-source solution? Maybe Mozilla could build one?
dev-security-policy mailing list