On Tuesday, March 13, 2018 at 23:51:01 UTC+1 js...@letsencrypt.org wrote:

> Clearly we should have caught this earlier in the process. The changes we 
> have in the pipeline (integrating certlint and/or zlint) would have 
> automatically caught the encoding issue at each staging in the pipeline: in 
> development, in staging, and in production.

So to clarify I understand this: The same problem was in the staging 
environment and there where also certificates with illegal encoding issued in 
staging, but you didn't notice them because no one manually validated them with 
the crt.sh lint?

Or are there differences between staging and production?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to