Message-ID: <510A8F11.6050908@linux.vnet.ibm.com>
Date: Thu, 31 Jan 2013 10:34:41 -0500
From: Corey Bryant <coreyb@...ux.vnet.ibm.com>
To: kernel-hardening@...ts.openwall.com
CC: Anthony Liguori <aliguori@...ibm.com>, Frank Novak <fnovak@...ibm.com>,
George Wilson <gcwilson@...ibm.com>,
Joel Schopp <jschopp@...ux.vnet.ibm.com>,
Kevin Wolf <kwolf@...hat.com>, Warren Grunbok II <grunbok@...ibm.com>
Subject: Secure Open Source Project Guide

In light of events like this http://lwn.net/Articles/535149/ "China,
GitHub and the man-in-the-middle (Greatfire)", we are thinking that a
guide for securing open source projects is needed. For example,
recommending pull requests or commits be PGP signed are a few things
we've discussed that could defend against a MITM attack inserting
malicious code.

Does anyone have any thoughts as to where we could publish such a guide?
Perhaps the Linux Foundation?

I believe we have the resources on this mailing list to work through the
details and put together a succinct guide that we could take to a wider
audience.

--
Regards,
Corey Bryant