On 21/12/16 05:38, Jakob Bohm wrote: >> I'm not sure what you are getting at; m.d.s.p is "in writing", as is "in >> Bugzilla". I say "in writing" because I want to make sure some CA >> doesn't come back with "you said it was OK when we chatted at CAB >> Forum", or "you implied it was OK by accepting this other license over >> here which is almost the same". > > I guess he meant that an "in writing" acceptance in an obscure or > non-public forum (such as IRC or private e-mail) should not count, > since it is not auditable which such acceptances exist.
It doesn't need to be auditable; CAs are not audited against Mozilla's policy requirements. And Mozilla knows what license use permissions it has given out. Regardless, we would expect to publish any such exceptions granted in the application bug or some other obvious place. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
