CA/Bug Triage: Difference between revisions

509 bytes removed ,  6 February 2017
Drafting initial text
Line 12: Line 12:
* [[CA:SalesforceCommunity#Documents|CA Audit statements]], when they are not published on [http://www.webtrust.org/ webtrust.org], the auditor's website, or the CA's website.
* [[CA:SalesforceCommunity#Documents|CA Audit statements]], when they are not published on [http://www.webtrust.org/ webtrust.org], the auditor's website, or the CA's website.


The CA Program whiteboard tags:
CA Program whiteboard tags:
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-assigned] [psm-assigned]] are bugs that currently have an assignee. These should all be P1.
* Root Inclusion/Change requests, and EV treatment enablement requests
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-backlog] [psm-backlog]] consists of the backlog of bugs we should fix in PSM. These should all be P2 or P3. If they are P1, they should have an assignee and the tag should be [psm-assigned].
** [ca-initial] -- not enough information to begin the Information Verification phase
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-cleanup] [psm-cleanup]] consists of code maintenance bugs that would make development easier, but don't directly impact functionality. These are probably mostly P3 or P5.
** [ca-verification] -- in Information Verification phase
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-tracking] [psm-tracking]] are meta bugs that track larger work. These should all be P3.
** [ca-verified] (date) -- Information Verification phase complete. Ready for public discussion. In parentheses add date when Information Verification phase was completed.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-deprecation] [psm-deprecation]] are bugs that involve deprecating weak cryptography
** [ca-discussion] -- in discussion in the mozilla.dev.security.policy forum.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-clientauth] [psm-clientauth]] consists of bugs involved with TLS client authentication
** [ca-discussion-hold] -- discussion on hold, pending CA actions.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-smartcard] [psm-smartcard]] are bugs involving PKCS#11 devices
** [ca-hold] -- CA's request is on hold, typically because the CA is a super-CA, so all of their subCAs have to achieve inclusion first.
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-documentation] [psm-documentation]] are bugs on writing or improving PSM documentation
** [ca-pending-approval] -- final notice of intent to approve the CA's request
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-waiting] [psm-waiting]] are bugs that are waiting on some external input
** [ca-approved] -- request is approved, pending code changes in NSS
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-blocked] [psm-blocked]] are bugs that are blocked on other work
** [ca-approved-ev] -- request is approved, certs are in NSS, pending code changes in PSM
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-intermittent] [psm-intermittent]] are bugs filed for intermittently failing tests in PSM
* Concerns about certificates CAs have issued
* [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=[psm-would-take] [psm-would-take]] are bugs where we would review patches from contributors, but otherwise we won't be working on them. These should be P5.
** [ca-concern] -- concern has been raised about certificates that a CA has issued
 
** [ca-incident] -- the concern about a CA's certificates has been confirmed, and further investigation and action required to understand and contain the incident.
These are the [https://bugzilla.mozilla.org/buglist.cgi?cmdtype=runnamed&namedcmd=psm-untriaged remaining untriaged bugs] with respect to internal bug management.
** [ca-incident-response] -- the incident has been contained, and the CA has follow-up action items
** [ca-compliance] -- the concern about a CA's certificates is in regards to failure to comply with Mozilla policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.
* CA Audit Statements
** [ca-audit] -- One bug may be created per CA to store audit statements that are not published on [http://www.webtrust.org/ webtrust.org], the auditor's website, or the CA's website. The bug will be closed as WONTFIX, but the CA may continue to add documents to the bug each year.
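Review bot: the [ca-*] tag entries in this list are plain text, while each [psm-*] entry shown alongside them links to a Bugzilla quicksearch for its tag and most state the expected priority (P1, P2 or P3, P5). If the [ca-*] list is meant to be used for triage in the same way, give each tag a matching quicksearch link so a reader can pull up the bugs in that state, and say whether priorities apply to CA Program bugs. Two wording points: the [ca-incident] entry reads "further investigation and action required" where "are required" is needed, and the [ca-audit] entry repeats the condition already given in the "CA Audit statements" bullet above the list ("not published on webtrust.org, the auditor's website, or the CA's website"), so one of the two could simply refer to the other.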