[bind10-dev] Exposing security issues via Git/Subversion, was Subversion to Git conversion
Shane Kerr
shane at isc.org
Wed Oct 20 10:58:39 UTC 2010
Jinmei,
On Wed, 2010-10-20 at 19:08 +0900, JINMEI Tatuya / 神明達哉 wrote:
> > Thinking about Jinmei's points, maybe it makes more sense to simply turn
> > off the push when we are working on a security issue. That way there
> > will be less chance of error and accidentally leaking the problem.
>
> I'm not sure if I understand this...if we completely stop pushing (or
> pulling, which doesn't matter in this context) for all branches,
> doesn't the fact it stops leak the information of "there's some
> security related work behind the scene (so this is a good time to find
> security vulnerability in the release versions)"? In fact, that was
> my original question.
Ah, right.
So basically we have 2 options:
1. Push with a filter to stop security-related work from being published
Advantages: Other work remains public, bad guys don't know anything
Disadvantages: We might make a mistake
2. Push and turn off completely if security-related work is going on
Advantages: Reduced chance of accidental leakage of specific work
Disadvantages: Bad guys know 'something' is going on
To be honest, I don't see much disadvantage for the second option. The
bad guys could be furiously looking for security exploits in our
software at *any* time. They don't have to wait until some signal tells
them that there is possibly some problem that is being worked on. They
probably would not discover the same issue anyway, although they might
discover some other exploits!
But if people think option #1 is better, then that is fine too.
--
Shane
More information about the bind10-dev
mailing list