Confirm, administrator
5,526
edits
Changes
m
Updated due to MDSP migration
# Decide on course of action
#* See [https://wiki.mozilla.org/CA/Maintenance_and_Enforcement#Potential_Problems.2C_Prevention.2C_Response Immediate Minimum Responses] above.
#* Depending on the situation, discussion to determine the course of action may occur in private security group email list and/or in the public [https://groups.google.com/a/mozilla.org/g/dev.-security.-policy forumMDSP mailing list].
#* The bug will be updated to indicate corresponding decisions.
# Measure Impact of Change
#* Depending on the timing and the urgency of the patch, the update may be done either as part of regularly scheduled [https://wiki.mozilla.org/Releases Mozilla releases,] or as a chemspill update (an off-schedule release that addresses live security vulnerabilities). Some Linux users of Firefox use their OS version of NSS, so they would have to make sure that they pick up the [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases new version of NSS].
# Communication / Announcements
#* Announcement in the [https://wwwgroups.google.com/a/mozilla.org/en-USg/about/forums/#dev-security-policy mozilla.dev.security.policyMDSP mailing list]
#* If the Active Distrust is the result of a security incident, then the Mozilla Security Group will assign a [http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures CVE (security incident number)] and reference the new version of NSS or root module.
#* May send an email communication to all CAs, depending on situation.
