On Wed, Feb 22, 2012 at 7:19 PM, Al Billings <[email protected]> wrote: > Hello, > > They weren't rewarded. They were not punished for voluntarily coming > forward and reporting the problem to Mozilla. Punishing them for doing > so would only convince others not to come forward in the future. This > has triggered a policy change and announcements to CA, if you've > followed Mozilla's security policy discussions and these *will* result > in people being removed for such behavior in the future. > > Hyperbole serves no real purpose here. The previous was a statement of facts. "Inmates running the asylum" is hyperbole.
If you find you are sensitive to the position taken, it could indicate you took the wrong position. Jeff > On 02/22/2012 04:12 PM, Jeffrey Walton wrote: >> It appears to be official. >> >> Trustwave issued MitM certificates, which is deceptive, unethical, and >> contrary to its agreement for inclusion. >> >> Mozilla just rewarded their violations of trust by continuing their >> inclusion. Apparently, agreements between Mozilla and CAs have no >> veracity as both are more than happy to violate the end user. >> >> Original Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=724929 >> NSS and Firefox Update: https://bugzilla.mozilla.org/show_bug.cgi?id=728617 >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > -- > Al Billings > Mozilla Security > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
