Comment 160 for bug 1271513

Kwilson-r (kwilson-r) wrote:

(In reply to Rafa from comment #141)
> (In reply to Kathleen Wilson from comment #139)
> > Please see item #2 of
> > https://wiki.mozilla.org/CA:Information_checklist#Verification_Policies_and_Practices
>
> Hi Kathleen,
>
> on this issue, item #2 says:
>
> "If you provide the information yourself (e.g., it is hosted on your own web
> site), please provide us with contact information for the auditor (or other
> third party)."

That is referring to the auditor's statement. If the auditor's statement is published or provided by the CA, then I do a separate process to contact the auditor to confirm the authenticity of the auditor's statement.

>
> So, if we publish at our web site a self-statement and we also provide the
> auditor's contact information, could that be enough to meet Mozilla's
> requirements?

No. A self-statement does not help.
We need audit statement(s) that meet the requirements of sections 11 through 14 of
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/