Yes, there are similar ones everywhere, so I´m familiar with it :-) And you´re right, I also make contributions in many other places, ETSI, ENISA, CABF (used to), ... and not get paid for that, but it´s also true that the way the distrust happened didn´t give us time or much time to act accordingly, even now people is asking for the distrust or asking for refunds due to the distrust.
And yes, we tried to do it quickly and we know what happened but we didn´t re-apply at that time. We got issues and until all of them were fixed and we receive the OK we didn´t move forward. We wanted to meet the deadline we imposed ourselves and even reached, it was not in a good shape, so, had to start again. And that´s what I said internally, that it didn´t matter if we could not make it in 6 months as indicated in the sanction and it took us nearly 10, taking into account that everything was new. Best regards Iñigo Barreira CEO StartCom CA Limited > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+inigo=startcomca....@lists.mozilla.org] On Behalf Of Nick Lamb via > dev-security-policy > Sent: viernes, 15 de septiembre de 2017 1:22 > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: FW: StartCom inclusion request: next steps > > On Thursday, 14 September 2017 16:00:35 UTC+1, Inigo Barreira wrote: > > Well, finally this is a business and I don´t think none on this list is > > working > for free. At the end everyone has his/her salary, etc. But that was not the > main reason because getting included in the root programs takes time but > wanted to provide our customers which gave us support for what happened > with the distrust (which IMHO in the case of Startcom was very aggressive) a > solution generating a new fresh and clean system. > > I can't speak for other people contributing to m.d.s.policy but of course I am > not paid to do this. I have a job, but it isn't this. I have never asked my > employer's permission to contribute here, judging it to be entirely outside > their purview. My job does include running a (small, private) CA, but then it > also includes maintaining a DBMS, a web crawler and all sorts of other stuff, > I'm sure it would be possible to identify some connection to my job for almost > any technical contribution I could make anywhere. > > There is an proverb in English, I am not sure if you're familiar with it, > "More > haste, less speed". What this means is that in trying to perform a task as > quickly as possible you may instead cause yourself such extra trouble that in > the end the task takes even longer to complete. I am sure that even if you > have not come across a phrase like this before you can see its applicability > to > the situation for StartCom. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
