Given the number of bugs related to CPS errors, I think it is the state of affairs. Changing the CPS to be more directly tied to the operations is a difficult feat. However, I don't think it needs to be the natural law which is why I'm proposing a change in how CPS docs are constructed and work.
On Sat, Jun 14, 2025 at 9:10 PM Matt Palmer <mpal...@hezmatt.org> wrote: > On Thu, Jun 12, 2025 at 11:06:10AM -0400, Jeremy Rowley wrote: > > Well yeah - because they’re often written by a compliance person who > often > > has a very loose connection or understanding of anything engineering > > related. Even if they have engineering acumen, then they’re often distant > > enough from the process that they can’t capture what the CA is doing > > accurately. > > This phrasing makes it sound like this state of affairs is a natural > law, rather than a choice (deliberate or otherwise) to operate that way. > > - Matt > > -- > You received this message because you are subscribed to the Google Groups " > dev-security-policy@mozilla.org" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dev-security-policy+unsubscr...@mozilla.org. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/1516ffc9-c6ff-4fc3-aee9-58208b2def18%40mtasv.net > . > -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAFK%3DoS-EDB1QiFOBC%3DzGYowbbL%3D5R2sdz%2BEF63YF2OJXh_84Fg%40mail.gmail.com.
