Hi Jeremy, Thanks for responding,
On Mon, 18 May 2020 at 21:58, Jeremy Rowley via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > There are others in this same group of pending Mozilla closure: > https://bugzilla.mozilla.org/show_bug.cgi?id=1496616 > https://bugzilla.mozilla.org/show_bug.cgi?id=1463975 > https://bugzilla.mozilla.org/show_bug.cgi?id=1532559 > https://bugzilla.mozilla.org/show_bug.cgi?id=1502957 (Waiting on Wayne) > > -----Original Message----- > From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On > Behalf Of Jeremy Rowley via dev-security-policy > Sent: Monday, May 18, 2020 1:52 PM > To: Mozilla <mozilla-dev-security-pol...@lists.mozilla.org> > Subject: RE: Status of the bugzilla bug list > > I think your list of 23 is wrong. For example, bug 1550645 is just waiting > for Mozilla closure. It looks like 1605804 is in the same boat. I believe my list is correct. As I said, the specific list contains issues that ( " have not been touched for >4 weeks" AND ( "of which it is unclear why they're still open" OR "of which it is unclear what they're waiting for" ) ). The list is provided as a guidance, not an authorative list (that should be the base dashboard). CAs should of course decide for themselves which issues should be updated & checked. Further, a comment requesting the closure of the issue is in my opinion not enough to remove it from this list; When an issue can be closed, it should have been closed already (there's been >4 weeks for that without action on Mozilla's part). If an issue is still after those 4 weeks, then either Mozilla was lax in its closing of issues, or there is an uncommunicated need for missing information from Mozilla. This is why they are also included in the list. This is also why I explicitly called for Mozilla to also check the issues - a part of the set is "closable" according to the CA, but no action taken by Mozilla. With regards, Matthias _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy