I would like to suggest to add the clause "if legally allowed" at the end. I had some crazy discussions with colleagues in Russia and Québec about documents in English. Also it should be added that the audit information must be publicly available in the Internet. The whole sentence would be:
"The audit information MUST be publicly available in the Internet. An English version MUST be provided. The English version MUST be authoritative if legally possible under the jurisdiction of the CAs home country." With best regards, Rufus Buschart Siemens AG GS IT HR 7 4 Hugo-Junkers-Str. 9 90411 Nuernberg, Germany Tel.: +49 1522 2894134 mailto:[email protected] www.siemens.com/ingenuityforlife -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+rufus.buschart=siemens....@lists.mozilla.org] On Behalf Of Tim Hollebeek via dev-security-policy Sent: Donnerstag, 5. April 2018 02:49 To: Ryan Hurst; [email protected] Subject: RE: Policy 2.6 Proposal: Require English Language Audit Reports Call me crazy, but for this particular requirement, I think simple sentences might be better. "The audit information MUST be publicly available. An English version MUST be provided. The English version MUST be authoritative." -Tim > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > [email protected]] On Behalf Of > bounces+Ryan > Hurst via dev-security-policy > Sent: Wednesday, April 4, 2018 7:19 PM > To: [email protected] > Subject: Re: Policy 2.6 Proposal: Require English Language Audit > Reports > > > > An authoritative English language version of the publicly-available > > audit information MUST be supplied by the Auditor. > > > > it would be helpful for auditors that issue report in languages > > other than English to confirm that this won't create any issues. > > That would address my concern. > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://clicktime.symantec.com/a/1/qGy7WL45gRate5ccNJV7plt7IjXPV-pd- > LTa9gPkQc8=?d=fgUiNjCpj8UK6ue4NShfzLGHGzkJWwPb3tOchiTvGntTxuK9bVX > 5aMMPzBijLrabsuGnsFF4O9QSQsBjPBTpEb0gpSmHGiantqc2OcSQ0D4jZ5aLA1u > eomyRD8-dNmIp4I87-T1G40WpIGyLEnm- > Z2ye83FoVpIrjeWcM6ujsgxkvPTYEEPgJJ5S8QA9fQctHsjXIyT8HT8j6vDTknG1enh > GZ_T_dA6JBbp81zJ4L1Ca2eX6aXcvz5BgcHvS6yotf6bd2EfLLWJKAZnR6o1yRxbzw > lGl0_7xHVJs8xbMEdUuaI4b4pcup6QbPJsW1UQHIPAR6GFsxCauMSz5EJ- > 5c38HJOLDPZLF5Tj0N6r- > JIozX3YVUyZqRdSb4iIILNv8LsXVCwyud6ALgaqx4PJwF_leqzOCmmHBoYDZqI9z0 > 932I7QTktLec_1ZHGSkFGA664AXspslouRvtqP4eZfikJgsBoxEO1G2a2tx6n5uwZle > -vFX&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev-security-polic > y _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
