Confirm, administrator
5,526
edits
Changes
m
Drafting initial text
== Bug Triage in Mozilla's CA Certificate Program==
Mozilla’s [[CA:Overview|CA Certificate Program]] governs inclusion of root certificates in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The [[CA:IncludedCAs|NSS root certificate store]] is not only used in Mozilla products such as the [https://www.mozilla.org/firefox/ Firefox] browser, but is also used by other companies in a variety of products.<br /><br />
The [https://bugzilla.mozilla.org/ Bugzilla] product/component for the CA Certificates Certificate Program is [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org mozilla.org :: CA Certificates].
<br /><br />
The CA Certificate Program deviates from Mozilla's standardized [[Bugmasters/Process/Triage|Bugzilla Bug Triage]] process by not using bug priorities (P1, P2, P3, or P5), because [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org CA Certificate bugs] do not directly include code changes to Mozilla's [[RapidRelease/Calendar|release trains ]] or iterations.
<br /><br />
[https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=mozilla.org&list_id=13429872 CA Certificate bugs] are used to track:
* [[CA|Root inclusion/change requests]]. When approved, the actual code changes are requested via a new [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates&product=NSS Bugzilla Bug for NSS].* [[CA:How_to_apply#Enable_EV_for_an_included_root|EV treatment enablement requests]]. When approved, the actual code changes are requested via a new [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=Security%3A%20PSM&product=Core Bugzilla Bug for PSM].
* Concerns that are raised about certificates being issued by CAs, and the resulting action items for the CAs.
* CA Program related concerns or action items. If it is determined that a code changes is needed, then a separate Bugzilla Bug will be created to request the code change.
* [[CA:SalesforceCommunity#Documents|CA Audit statements]], when they are not published on [http://www.webtrust.org/ webtrust.org], the auditor's website, or the CA's website.
=== CA Program whiteboard tags:Whiteboard Tags ===
* Root Inclusion/Change requests, and EV treatment enablement requests
** [ca-initial] -- not enough information to begin the Information Verification phase
