Nelson B wrote [in part]: > > I've been telling people to disucss it in the newsgroup, NOT in bugzilla. > I believe bugzilla is NOT the place for general advocacy discussions. > I believe the comments in bugzilla about a particular application should > be limited to > a) the sole champion of the CA > b) the "module owner" of the certificates module > c) any developers specifically tasked with doing the jobs of making source > changes. > d) mozilla foundation members. > > IMO, we do NOT want any more bugs with hundreds of people on the cc list > and hundreds of comments in them. > > Yet your new policy details doc says: > > "The module owner and other interested parties will discuss the > request in Bugzilla (not in the newsgroup and mailing list)." > > Maybe if you define "interested parties" to include only the folks I named > above, I'd agree.
Changes to the CA certificate database are changes to the configuration. Proper configuration management processes require that a formal bug be opened before work begins on implementing such a change. Once that occurs, Bugzilla becomes the proper forum where decisions are made whether to correct or reject the bug and where comments are made that affect those decisions. If an outsider (e.g., me) sees a problem with what is requested in a bug report or with a proposed implementation, I should not remain silent and allow a discrepant implementation to occur. As someone who uses Mozilla to do my banking and investing, I have a strong vested interest in ensuring that Mozilla's CA certificate database retains integrity. Thus, I am as much an "interested party" as those who are implementing or testing the change. -- David E. Ross <http://www.rossde.com/> I use Mozilla as my Web browser because I want a browser that complies with Web standards. See <http://www.mozilla.org/>. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
