Please read the [CCADB Incident Response](https://www.ccadb.org/cas/incident-report) and [Mozilla Responding to an incident page](https://wiki.mozilla.org/CA/Responding_To_An_Incident). I cannot list how many things are wrong in this report, it is truly groundbreaking.
Bug 1905509 Comment 11 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Please read the [CCADB Incident Response](https://www.ccadb.org/cas/incident-report) and [Mozilla Responding to an incident page](https://wiki.mozilla.org/CA/Responding_To_An_Incident). I cannot list how many things are wrong in this report, it is truly groundbreaking. e: To be very kind at the absolute minimum: - CET instead of UTC. - The mixture of date/time formats - The impact section - Mentioning the email address of the reporter - The report not being about the CPR at all, it is about different incidents that all need separate bugs raised here - A certificate list with no sha256 hashes - The Root Cause Analysis section - The 'lessons learned', repeating leaning on human error - The wrong category for action items and how it is also irrelevant on many layers We haven't even addressed all of the intermediaries created and not disclosed, then certificates generated off of them failing multiple linters... so much has gone wrong here.
Please read the [CCADB Incident Response](https://www.ccadb.org/cas/incident-report) and [Mozilla Responding to an incident page](https://wiki.mozilla.org/CA/Responding_To_An_Incident). I cannot list how many things are wrong in this report, it is truly groundbreaking. e: To be very kind at the absolute minimum: - CET instead of UTC. - The mixture of date/time formats - The impact section - Mentioning the email address of the reporter - The report not being about the CPR at all, it is about different incidents that all need separate bugs raised here - A certificate list with no sha256 hashes - The Root Cause Analysis section - The 'lessons learned', repeatedly leaning on human error - The wrong category for action items and how it is also irrelevant on many layers We haven't even addressed all of the intermediaries created and not disclosed, then certificates generated off of them failing multiple linters... so much has gone wrong here.