On Thu, Aug 02, 2018 at 06:19:42AM -0700, Juan Angel Martin via dev-security-policy wrote: > > 6) Explanation about how and why the mistakes were made or bugs introduced, > and how they avoided detection until now. > > The procedure established to publish the CAs into CCADB wasn't correct cause > it didn’t foresee the contingency of the person in charge of disclosing CA’s > certificates into CCADB and the person acting as a backup weren’t available.
This looks like a process issue to me, and adding a 3rd person won't fix that. The certificate should not having been used until someone confirmed that it was done. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
