On Tue, Oct 18, 2016 at 2:33 PM, Ryan Sleevi <r...@sleevi.com> wrote:
>
> I think there's some confusion there. CNNIC's audits "expire" on Feb "29" 
> 2017 (I say "29" because of ambiguity on "1 year"). That is, within 3 months 
> of Feb "29", 2017, CNNIC would be expected to provide a new audit, which 
> covers February 29, 2016 (the end of the previous audit period) until 
> February "29", 2017. This would then be delivered to Mozilla within 3 months 
> - May 29, 2017.
>
> I'm not sure I understand your remark "last a year" - merely, there must be 
> an unbroken sequence of audits. The current sequence ends February 29, 2016. 
> The next sequence must not exceed a year, and must be delivered within 3 
> months of the full year period expiring.

There is also a requirement that each audit period may not be less than 60 days.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to