Re: Security related tooling project

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security related tooling project

From:	Christopher Baines
Subject:	Re: Security related tooling project
Date:	Fri, 23 Apr 2021 21:34:00 +0100
User-agent:	mu4e 1.4.15; emacs 27.1

Bengt Richter <bokr@bokr.com> writes:

> Given that crims &co monitor developer discussions to discover
> unfixed vulnerabilities and clues re exploiting them,
> what are your ideas to avoid building a tool that can be abused?
>
> E.g., How will your tool avoid leaking info during an embargo window
> while trusted developers are secretly/privately fixing
> critical vulns?

That's a point to consider I think. Most of what I'm thinking about is
for published vulnerabilities in software packaged for Guix, but you
raise a valid point, so thanks for bringing it up.

Chris

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Security related tooling project OFF TOPIC PRAISE, (continued)
- Re: Security related tooling project, Léo Le Bouter, 2021/04/03
  - Re: Security related tooling project, Christopher Baines, 2021/04/04
- Re: Security related tooling project, Chris Marusich, 2021/04/04
  - Re: Security related tooling project, Christopher Baines, 2021/04/04
    - Re: Security related tooling project, Xinglu Chen, 2021/04/04
    - Re: Security related tooling project, Chris Marusich, 2021/04/04
- Re: Security related tooling project, Ludovic Courtès, 2021/04/17
  - Re: Security related tooling project, Bengt Richter, 2021/04/17
    - Re: Security related tooling project, Christopher Baines <=
  - Re: Security related tooling project, Christopher Baines, 2021/04/23

Prev by Date: Re: Security related tooling project
Next by Date: Re: Organizing Tui Apps
Previous by thread: Re: Security related tooling project
Next by thread: Re: Security related tooling project
Index(es):
- Date
- Thread