Comment 200 for bug 232340

In , Iang-iang (iang-iang) wrote :

I've just been made aware of comments on this bugtrack that deserve some response, apologies for the delay.

As brief as I can make it: in December of 2005 I took on the role of Independent Auditor of CAcert's Certificate Authority. This task is guided by David Ross's Criteria ("DRC"), mentioned earlier by David Ross himself, and earlier pre-approved by Mozilla for their purposes.

Around June 2006, the audit process discovered severe imbalances in the contractual relationships between CAcert, its user community, Assurers and the world at large, as found by DRC. In October 2006, server issues arose which caused a difficult migration, still ongoing. These also do not meet DRC.

Although these combined issues are being worked through, they caused CAcert to realise that it had outgrown its ability to manage as a tight, developer-driven open source organisation. Although the community is very keen, and the product is very valuable to its users, it now needs a stronger and broader management structure.

In December 2006, I therefore suspended the audit until that could be put in place to handle the difficult international responsibilities. Until resolved, CAcert is formally not seeking access to root lists, partnerships or the like, at the current time. This includes the list managed by Mozilla Foundation. Until CAcert's many tasks are complete, everything is in a "holding pattern" including any addition to browsers.

I can observe, but not promise, current progress: Members of the Association and others are working to meet the requirement for management over the coming months. Work is ongoing on the server transition, and announcements may happen on that.

For all CAcert's promise, the audit remains a serious process and a difficult hurdle. It works to criteria that are objective and repeatable. The result is intended to be reliable and comparable. We may have our comments to make outside, but inside, we have a defined task. It is up to CAcert to do what is required, and they will get there in due course, or choose another path.

In the meantime, there is no point in pressuring Mozilla on the issue. Better, if you wish to help, join CAcert as a user and contribute to their large task list.

Ian Grigg, Independent Auditor for CAcert's CA.