Re: DragonFly Security Officer and Security Team
--Apple-Mail-15-87067997
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed
On 18.11.2004, at 18:35, Hiten Pandya wrote:
> It is not just about picking committers with free time and better
> understanding of code. The people elected should have more than
> adequate knowledge of security concepts.
>
> To conclude, all I am saying is that such a team is not necessary
> right now; but... when we do plan on creating such a team, I would
> rather put people with proven track record in security related things
> and just anyone. I do not mean to offend anyone's attempt at
> contribution or giving their time.
For sure, the people involved need to be experienced with security. But
in my opinion the primary responsibility of a security officer is being
responsible. The security officer is the one who is the sole contact
person for third parties regarding security issues, and it is the
responsibility of the security officer to be carful with this
additional knowledge.
This means both not disclosing exploit information when there is a
advisory release schedule, but also taking responsibility and
fixing/letting fix (no need to do this himself) code and send HEADS UP
when a long delay is not acceptable, etc.
I don't want to push somebody into something, but one obvious choice
would be Matt... In principle it's just one entry on the web page
stating: "Concerning security issues, please contact Matt Dillon
<link>"
cheers
simon
--
/"\
\ /
\ ASCII Ribbon Campaign
/ \ Against HTML Mail and News
--Apple-Mail-15-87067997
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD4DBQFBnONEr5S+dk6z85oRAkNnAJidbQ3YK8N3MdR4u9sk0kYuXfzsAKCixB8L
57kN0ozyimn7wXZuspemoQ==
=HvOc
-----END PGP SIGNATURE-----
--Apple-Mail-15-87067997--
討論串 (同標題文章)
完整討論串 (本文為第 10 之 12 篇):