Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 31 Jan 2013 10:37:19 -0800
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Cc: Anthony Liguori <aliguori@...ibm.com>, Frank Novak <fnovak@...ibm.com>, 
	George Wilson <gcwilson@...ibm.com>, Joel Schopp <jschopp@...ux.vnet.ibm.com>, 
	Kevin Wolf <kwolf@...hat.com>, Warren Grunbok II <grunbok@...ibm.com>
Subject: Re: Secure Open Source Project Guide

On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@...ux.vnet.ibm.com> wrote:
> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
> securing open source projects is needed.  For example, recommending pull
> requests or commits be PGP signed are a few things we've discussed that
> could defend against a MITM attack inserting malicious code.
>
> Does anyone have any thoughts as to where we could publish such a guide?
> Perhaps the Linux Foundation?
>
> I believe we have the resources on this mailing list to work through the
> details and put together a succinct guide that we could take to a wider
> audience.

Yeah, sounds good. I think we could easily use the kernel-security
wiki to work on it initially, and if it needs a different home in the
end, we can move it then.

-Kees

--
Kees Cook
Chrome OS Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.