Ryan, On Mon, Feb 18, 2019 at 4:58 PM Ryan Sleevi via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> On Mon, Feb 18, 2019 at 2:49 PM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > On 15/02/2019 19:33, Ryan Sleevi wrote: > > > On Fri, Feb 15, 2019 at 12:01 PM Jakob Bohm via dev-security-policy < > > > dev-security-policy@lists.mozilla.org> wrote: > > And by > > all means run multiple checkers that purport to check the same > > things. > > > While I realize there is a tendency to speak in the abstract here, I think > it’s both valuable and appropriate to highlight that there are no such > linters in the market, just as there is no “linter market” or “linter > vendors”. None of the open-source projects purport to cover the same set of > checks - certlint, x509lint, and zlint all detect the problem with the Izenpe certificate [1]. While I realize that none of these linters perform the exact same set of checks, there is significant overlap that is in no way abstract. each represents a different and complementary effort to examine > different elements of the issuance pipeline. > > If you are referring to certlint, x509lint, and zlint, can you explain this statement? [1] https://crt.sh/?id=1202714390&opt=cablint,x509lint,zlint _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
