Date: Tue, 05 Feb 2013 13:34:18 -0500
From: Corey Bryant <coreyb@...ux.vnet.ibm.com>
To: Anthony Liguori <aliguori@...ibm.com>
CC: kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org>,
        Frank Novak <fnovak@...ibm.com>, George Wilson <gcwilson@...ibm.com>,
        Joel Schopp <jschopp@...ux.vnet.ibm.com>, Kevin Wolf <kwolf@...hat.com>,
        Warren Grunbok II <wgrunbok@...t.ibm.com>
Subject: Re: Secure Open Source Project Guide

On 01/31/2013 02:30 PM, Anthony Liguori wrote:
> Kees Cook <keescook@...omium.org> writes:
>
>> On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@...ux.vnet.ibm.com> wrote:
>>> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
>>> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
>>> securing open source projects is needed. For example, recommending pull
>>> requests or commits be PGP signed are a few things we've discussed that
>>> could defend against a MITM attack inserting malicious code.
>>>
>>> Does anyone have any thoughts as to where we could publish such a guide?
>>> Perhaps the Linux Foundation?
>>>
>>> I believe we have the resources on this mailing list to work through the
>>> details and put together a succinct guide that we could take to a wider
>>> audience.
>>
>> Yeah, sounds good. I think we could easily use the kernel-security
>> wiki to work on it initially, and if it needs a different home in the
>> end, we can move it then.
>
> If someone picks a home, I'll do a brain dump of some of my concerns and
> what I think can be done about it.
>
> Regards,
>
> Anthony Liguori
>

I haven't heard any objections to using the oss-security wiki to host
the guide, so I've created a page here. A brain dump would be a much
appreciated start to get things moving. Thanks!

http://oss-security.openwall.org/wiki/secure-oss-dev-guide

--
Regards,
Corey Bryant

>>
>> -Kees
>>
>> --
>> Kees Cook
>> Chrome OS Security
>
>
>