On 24/05/17 15:31, Peter Kurrasch wrote: > It might be fair to characterize my position as "vague but > comprehensive"...if that's even possible? There are some standard-ish > frameworks that could be adopted:
I think we would prefer to wait for the CAB Forum to adopt something rather than attempting to define and enforce our own. If for no other reason than the CAB Forum thing is more likely to be audited and therefore to have actual teeth. > If you'd like to keep the policy to a sentence or so, perhaps we could > use some "including but not limited to" verbiage? Well, the draft wording we started with used "for example"... :-) Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
