Here is the spreadsheet I am using to track my analysis of the SHA-1 issuances discovered in crt.sh:
https://docs.google.com/spreadsheets/d/1s0zsDjkHkPpFPd9LCtaJDgra5hqmcHmRor_sHSLl5Yg/edit It includes notes about each incident and my determination of what to do. At the moment, bugs are open for all incidents I intend to pursue. However, people may want to make a case for different action. GA stands for Grudgingly Accepted - in an ideal world this would not exist but, for the given reason, no further action is planned. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
