On Tue, Oct 18, 2016 at 2:33 PM, Ryan Sleevi <[email protected]> wrote: > > I think there's some confusion there. CNNIC's audits "expire" on Feb "29" > 2017 (I say "29" because of ambiguity on "1 year"). That is, within 3 months > of Feb "29", 2017, CNNIC would be expected to provide a new audit, which > covers February 29, 2016 (the end of the previous audit period) until > February "29", 2017. This would then be delivered to Mozilla within 3 months > - May 29, 2017. > > I'm not sure I understand your remark "last a year" - merely, there must be > an unbroken sequence of audits. The current sequence ends February 29, 2016. > The next sequence must not exceed a year, and must be delivered within 3 > months of the full year period expiring.
There is also a requirement that each audit period may not be less than 60 days. Thanks, Peter _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
