Erm... this might be a very stupid question (or it might have an extremely stupid answer), but why can't the companies involved ask the auditors to send the reports out to the vendors that they have relationships with, which would provide a direct means of verifying that the documents presented are indeed authentic?

(Note that this is not a critique of your decision in how to handle this situation, and I do agree with your waiving of the public-audit requirement in this case, and also agree with your personal decision to encourage them to change their policies. Furthermore, I think that this is an issue that should be brought to the folks in charge for a vote on organizational approval of this encouragement, if this is not something that you can speak for Mozilla on; if it is, I think that you should subtly strengthen that 'I encourage them to' to 'the Mozilla Foundation encourages them to'.)

-Kyle H

On Thu, Dec 11, 2008 at 7:59 PM, Frank Hecker <hec...@mozillafoundation.org> wrote:
> Frank Hecker wrote:
>>
>> However since we received the reports from SECOM Trust and not from PWC
>> Aarata, we do need to verify that they are indeed genuine reports, just as
>> we have done for other WebTrust reports that were published on the
>> WebTrust.org site.
>
> I meant to write, "just as we have done for other WebTrust reports that were
> *not* published on the WebTrust.org site".
>
> Frank
>
> --
> Frank Hecker
> hec...@mozillafoundation.org
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto