On Sun, Jan 17, 2021 at 12:51:29AM -0800, Ramiro Muñoz via dev-security-policy wrote: > We don’t ask the community to disregard the data, on the contrary we ask > the community to analyze the data thoroughly including the impacts > produced.
OK, I'll bite. As a member of the community, I've analyzed the data thoroughly, and I'm not impressed. Camerfirma does not appear to grasp the fact that "nothing bad has happened yet" is a *bad take*. "Nothing bad has happened yet" is how every CA starts its life. It is not something to be proud of, it's the absolute bare minimum. The volume of incidents that Camerfirma has had is troubling, but it's the repetition of the nature of the incidents, and the lacklustre way in which they have been responded to, that causes me to think that Camerfirma has no place in the Mozilla trust store. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy