Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 Jan 2013 13:30:04 -0600
From: Anthony Liguori <>
To: Kees Cook <>,
        "kernel-hardening\" <>
Cc: Frank Novak <>, George Wilson <>,
        Joel Schopp <>,
        Kevin Wolf <>, Warren Grunbok II <>
Subject: Re: Secure Open Source Project Guide

Kees Cook <> writes:

> On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <> wrote:
>> In light of events like this "China, GitHub
>> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
>> securing open source projects is needed.  For example, recommending pull
>> requests or commits be PGP signed are a few things we've discussed that
>> could defend against a MITM attack inserting malicious code.
>> Does anyone have any thoughts as to where we could publish such a guide?
>> Perhaps the Linux Foundation?
>> I believe we have the resources on this mailing list to work through the
>> details and put together a succinct guide that we could take to a wider
>> audience.
> Yeah, sounds good. I think we could easily use the kernel-security
> wiki to work on it initially, and if it needs a different home in the
> end, we can move it then.

If someone picks a home, I'll do a brain dump of some of my concerns and
what I think can be done about it.


Anthony Liguori

> -Kees
> --
> Kees Cook
> Chrome OS Security

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.