security projects thoughts

Bayard Bell buffer.g.overflow at googlemail.com
Mon Apr 18 07:17:30 PDT 2011


On 18 Apr 2011, at 15:04, Jeff Johnson wrote:

> What is the basis for "attractive" or not?

I should be clear about this: if we want greater security these are things that need to be decided, and this isn't a question of some set of completely self-evident technical merits for which patches can be whipped up. People have to be willing to organise around and live with whatever's put in place, so the first thing that's needed is buy-in as to which problems need to be solved and which solutions are not just feasible to code but sustainable. I spent some time with the existing code, and I found some attack surface that worried me: that doesn't nearly amount to surveying the threat environment and building consensus, which I think is where we need to focus. I'm new here so I really don't know how decisions are made with the community. I already appreciate that there are further issues related to hosting that need to be negotiated with Apple, but there's a lot that I don't know.

Is the first question perhaps to ask someone who's an elder or manager for sponsorship and moderation of subsequent discussion?


More information about the macports-dev mailing list