News of the acquisition is here: https://www.entrust.com/company/newsroom/entrust-sells-public-certificate-business-to-sectigo
I am a bit disappointed that there was not a public announcement on the forum as was requested with other transactions. Will Sectigo be sharing the details of the acquisition? Specific questions that were asked during the Symantec acquisition included: 1) Will Entrust leadership be involved in Sectigo? This was a no-go during the Symantec acquisition and was specifically forbidden by Mozilla. 2) Was notice given to Mozilla? If so, why wasn't this shared with the public? Sectigo isn't publicly traded so I'm surprised the notification was missed. Granted this is not a written requirement - just notice to Mozilla - but given Mozilla's dedication to public discussion, I am very interested to know why this wasn't shared. 3) What are the plans for the platform? Note that during the Symantec transition, DigiCert was required to file a bug and track migration of customers off the legacy Symantec roots and systems (including the front-ends). Where is this plan disclosed? 4) Will Sectigo be filing a bug to provide community updates? This was required during the Symantec acquisition to keep the public informed on progress and issues found with the Symantec environment. If Entrust was distrusted partly because of how archaic its systems are, then there should be equal concern about Sectigo operating those systems without proper public communication. Glad to see Sectigo acquired the business, but I'm concerned that the processes Mozilla required of DigiCert during Symantec are not being addressed here. -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/a7fb3dbb-1d66-42a1-aa5d-8702bab3b490n%40mozilla.org.
