Date: Thu, 31 Jan 2013 10:37:19 -0800 From: Kees Cook <keescook@...omium.org> To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Cc: Anthony Liguori <aliguori@...ibm.com>, Frank Novak <fnovak@...ibm.com>, George Wilson <gcwilson@...ibm.com>, Joel Schopp <jschopp@...ux.vnet.ibm.com>, Kevin Wolf <kwolf@...hat.com>, Warren Grunbok II <grunbok@...ibm.com> Subject: Re: Secure Open Source Project Guide On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@...ux.vnet.ibm.com> wrote: > In light of events like this http://lwn.net/Articles/535149/ "China, GitHub > and the man-in-the-middle (Greatfire)", we are thinking that a guide for > securing open source projects is needed. For example, recommending pull > requests or commits be PGP signed are a few things we've discussed that > could defend against a MITM attack inserting malicious code. > > Does anyone have any thoughts as to where we could publish such a guide? > Perhaps the Linux Foundation? > > I believe we have the resources on this mailing list to work through the > details and put together a succinct guide that we could take to a wider > audience. Yeah, sounds good. I think we could easily use the kernel-security wiki to work on it initially, and if it needs a different home in the end, we can move it then. -Kees -- Kees Cook Chrome OS Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.