[cabf_netsec] Time to start voting on SC29v3

[David Kluge]

Thanks Neil. I agree that Ballot SC29 is ready for voting.

When it comes to vulnerability management and change management there is
much that one can discuss. But as you pointed out, neither of these are the
primary subject of this Ballot.
If there is interest in continuing the discussion to add more nuanced
rules, we can do that later in a dedicated Ballot.

On Mon, Apr 27, 2020 at 7:19 PM Neil Dunbar via Netsec <netsec at cabforum.org>
wrote:

> All,
>
> I'm thinking that with no apparent resistance to ending the moratorium
> on ballots, it's probably time to put Ballot SC29v3 up for voting.
>
> I'll do this tomorrow (Tuesday 28th April) if there are no objections
> from the NetSec team to my doing so. Technically, I put the end of the
> current discussion period at 30th April to stretch out the time, but I
> looked at the bylaws and it says that the proposer can curtail the
> discussion period if no new version of the ballot has been posted in 7
> days - which is the case here.
>
> I do appreciate the full and frank exchange of views, but I'm siding
> with Tobi on this one: if there is indeed a policy benefit to
> prohibiting automatic updating, I don't think that the current ballot is
> the place to do it. All we wanted to do was push the community towards
> continuous monitoring, and accept that as an incremental improvement. I
> think the current SC29v3 does that. We can address effective chain of
> custody issues in other ballots to come.
>
> Thoughts, as alway, very welcome.
>
> Cheers,
>
> Neil
>
> _______________________________________________
> Netsec mailing list
> Netsec at cabforum.org
> http://cabforum.org/mailman/listinfo/netsec
>


-- 

David Kluge | Technical Program Manager | kluge at google.com |  +41 44 668 03
54
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/netsec/attachments/20200427/7c9b6f95/attachment.html>