Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 01 Feb 2013 09:33:16 -0500
From: Corey Bryant <coreyb@...ux.vnet.ibm.com>
To: kernel-hardening@...ts.openwall.com
CC: Anthony Liguori <aliguori@...ibm.com>, Kees Cook <keescook@...omium.org>,
        Frank Novak <fnovak@...ibm.com>, George Wilson <gcwilson@...ibm.com>,
        Joel Schopp <jschopp@...ux.vnet.ibm.com>,
        Kevin Wolf <kwolf@...hat.com>,
        Warren Grunbok II <wgrunbok@...t.ibm.com>
Subject: Re: Secure Open Source Project Guide



On 01/31/2013 02:30 PM, Anthony Liguori wrote:
> Kees Cook <keescook@...omium.org> writes:
>
>> On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@...ux.vnet.ibm.com> wrote:
>>> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
>>> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
>>> securing open source projects is needed.  For example, recommending pull
>>> requests or commits be PGP signed are a few things we've discussed that
>>> could defend against a MITM attack inserting malicious code.
>>>
>>> Does anyone have any thoughts as to where we could publish such a guide?
>>> Perhaps the Linux Foundation?
>>>
>>> I believe we have the resources on this mailing list to work through the
>>> details and put together a succinct guide that we could take to a wider
>>> audience.
>>
>> Yeah, sounds good. I think we could easily use the kernel-security
>> wiki to work on it initially, and if it needs a different home in the
>> end, we can move it then.
>
> If someone picks a home, I'll do a brain dump of some of my concerns and
> what I think can be done about it.
>
> Regards,
>
> Anthony Liguori
>

That would be great.  Thanks Anthony.

-- 
Regards,
Corey Bryant

>>
>> -Kees
>>
>> --
>> Kees Cook
>> Chrome OS Security
>
>
>


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.