[cabfpub] CAB Forum Document Versioning

Sheehy, Don (CA - Toronto) dosheehy at deloitte.ca
Tue Jan 29 16:18:46 UTC 2013


As mentioned a number of times in the past - formal recognition and approval of Errata was done by creating a new version of EV or Baseline - that is what we then directed our audit efforts to. This ensured a consistent audit. By adding .x to a doc every time you have an errata will only create confusion as we will not issue formal guidance until they move to the next approved level. As stated a number of times in the past, you have to understand that we need to follow due process to create generally accepted criteria that can be used in a public audit report.

I would propose that no change be made. 

Donald E. Sheehy, CPA, CA*CISA, CRISC, CIPP/C 
Partner | Enterprise Risk 
Deloitte


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Monday, January 28, 2013 5:24 AM
To: CABFPub
Subject: [cabfpub] CAB Forum Document Versioning

Dear CAB Forum,

Mozilla would like to propose a change to the way we denote versions of our key published documents (EV, BR, Network etc.), which we think would improve matters.

Currently, the process is that we issue an X.Y version of a document every year or so, and in between we have a (perhaps poorly named, but let's go with it) "errata" document which lists all of the changes, updates and improvements we have agreed by ballot to make since the last version was issued. You can see that process in action here:
https://www.cabforum.org/documents.html

We think it would be better for us to issue a new X.Y.Z version each time we agree to make a change, and post that on the website (with the version number and date in the header of the document) under an unchanging URL of this style:

https://www.cabforum.org/EV_SSL_Latest.pdf

as well as e.g.:

https://www.cabforum.org/EV_SSL_1.4.7.pdf

The advantage of this greater granularity is that it allows auditors and other consumers of our documents to take our "best efforts" at any point and use it in their process, while referring to it unambiguously and succinctly. Currently, they have the choice of either saying:

"We are using EV 1.4 with the Errata document which was current as of 20th January 2013, which had 3 errata in it"

which is unambiguous but highly unwieldy, or:

"We are using EV 1.4"

which is succinct, but means they are not getting the benefit of any errata; our good work lies unused for up to a year.

If we adopt this proposal, consumers of this document could instead say, 'We are using EV 1.4.3' to indicate the third minor change to version 1.4 of the guidelines, instead of mentioning an errata and date. It's both succinct and unambiguous.

We think this change would also lessen the need for rigid timetables for handing documents over to auditors and others but, even if we later institute such timetables, this scheme is still an improvement over the status quo.

Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public


Confidentiality Warning: This message and any attachments are
intended only for the use of the intended recipient(s), are
confidential, and may be privileged. If you are not the intended
recipient, you are hereby notified that any review, retransmission,
conversion to hard copy, copying, circulation or other use of this
message and any attachments is strictly prohibited. If you are not
the intended recipient, please notify the sender immediately by
return e-mail, and delete this message and any attachments from
your system. Thank you.	



Information confidentielle: Le présent message, ainsi que tout
fichier qui y est joint, est envoyé à l'intention exclusive de son
ou de ses destinataires; il est de nature confidentielle et peut
constituer une information privilégiée. Nous avertissons toute
personne autre que le destinataire prévu que tout examen,
réacheminement, impression, copie, distribution ou autre
utilisation de ce message et de tout fichier qui y est joint est
strictement interdit. Si vous n'êtes pas le destinataire prévu,
veuillez en aviser immédiatement l'expéditeur par retour de
courriel et supprimer ce message et tout document joint de votre
système. Merci.








More information about the Public mailing list