On 04/10/2018 19:40, Wayne Thayer wrote:
On Thu, Oct 4, 2018 at 9:48 AM Jakob Bohm via dev-security-policy <
[email protected]> wrote:
(In reply to Matt Palmer in message-id
[email protected])
I seem to recall that the bad practice was explicitly called out in
their (old) CP/CPS, which was applicable at the time. Thus any similar
misunderstanding should be discoverable by Mozilla and/or their auditor
comparing the CP/CPS with the BR, Mozilla, National and other applicable
requirements. However this has been a long discussion and some posts
have been expired by the mozilla NNTP server.
Devon discovered this during his review of Certigna's root inclusion
request:
https://groups.google.com/d/msg/mozilla.dev.security.policy/z7iDk9CdTFo/9zQpW1-bCwAJ
I was merely suggesting that since the mistake could be found with that
review of the CPS (to which they are already audited), this would be a
more effective way to conduct the review of their general BR
understanding or lack thereof, as requested by Matt Palmer.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
