> Here is my personal opinion on which discussions should go > where (assuming we have an official policy in place): > > 1. Bugzilla is clearly the proper place for discussions as to whether to > include or not include a particular CA's certs, based on whether they > conform to the requirements in the policy as defined. > > 2. The newsgroup is clearly the proper place for general discussions > about the policy, issues that affect all CAs (e.g., whether or not to > enable CRL checking by default), issues relating to a particular CA that > are outside the scope of the policy (e.g., its sales practices, etc.), > and issues relating to the browser's security model in general as it > applies to SSL, S/MIME, and code signing. > > If discussions of type 1 above start to evolve into discussions of type > 2, then I or someone else can encourage people to continue discussions > in the proper forum.
I suggest you correspond with one or more of the maintainers of b.m.o about this. Bug 215243 has taxed b.m.o to its very limits, because of the size of the CC list for that bug, and for the bugs that depend on it and block it (all of which get notified whenever it changes). for weeks, B.M.O's bug emailer was unable to finish distributing mail to the CC list before the next comment was added, which caused all sorts of problems. If the b.m.o maintainers are happy with the above policy, then I'm happy.
I would request one other detail. At the point if/when a bug in product mozilla.org with component CA Certificates gets to the point where a
decision is made to add a ca cert, please do NOT turn that bug into an
NSS bug to do the actual addition. Rather, create a new NSS bug that is
free of all the advocacy that supplies the technical particulars (e.g. the certs). Thanks.
-- Nelson B
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
