Date: Fri, 1 May 2015 23:41:22 +0000
From: mancha <>
Subject: Re: On sanctioned MITMs

On Sat, May 02, 2015 at 01:58:15AM +0300, Solar Designer wrote:
> Hi,
> I feel that this is borderline off-topic for oss-security because of
> no specific relevance to Open Source, unless the discussion is somehow
> refocused on aspects that are directly Open Source relevant - e.g.,
> "should we block these CDNs (and how) in Open Source software's
> SSL/TLS certificate validity checks because of those specific risks" -
> that's just an example of what would bring the discussion on-topic for
> this list, not an actual suggestion (I think such blocking would be
> bad).


Yes, that might not have been clear because I didn't say so explicitly.
But, implicit in my post was a question of how infosec and its
intersection with OSS (i.e. security policies in FF/Chromium/etc.)
should consider this situation and its implications.

