Re: Policy 2.7 Proposal: Clarify Point-in-Time Audit Language
I will will include this change in policy version 2.7. - Wayne On Wed, Mar 27, 2019 at 8:04 PM Ryan Sleevi wrote: > I'm not sure whether it's necessary to indicate support, but since silence > can sometimes be ambiguously interpreted: I support these changes and > believe they achieve the desired outcome. > ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Policy 2.7 Proposal: Clarify Point-in-Time Audit Language
I'm not sure whether it's necessary to indicate support, but since silence can sometimes be ambiguously interpreted: I support these changes and believe they achieve the desired outcome. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Policy 2.7 Proposal: Clarify Point-in-Time Audit Language
I'm [hopefully] beginning with a simple change that clarifies the language used for Point-in-Time (PiT) audits used in policy. Section 3.1.3 of our policy currently references a "point-in-time assessment", and section 8 uses the undefined abbreviation "PITRA", which stands for "point-in-time readiness assessment". A readiness assessment refers to an engagement between an auditor and a CA that does not produce a public audit report. It's clear that we want a PiT audit. The proposed changes are: https://github.com/mozilla/pkipolicy/compare/2.7@%7B03-21-19%7D...2.7 I will appreciate feedback from anyone who has concerns with these changes. - Wayne This is https://github.com/mozilla/pkipolicy/issues/151 ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy