[bind10-dev] Exposing security issues via Git/Subversion, was Subversion to Git conversion
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Wed Oct 20 13:16:16 UTC 2010
At Wed, 20 Oct 2010 12:58:39 +0200,
Shane Kerr <shane at isc.org> wrote:
> So basically we have 2 options:
>
> 1. Push with a filter to stop security-related work from being published
> Advantages: Other work remains public, bad guys don't know anything
> Disadvantages: We might make a mistake
>
> 2. Push and turn off completely if security-related work is going on
> Advantages: Reduced chance of accidental leakage of specific work
> Disadvantages: Bad guys know 'something' is going on
>
> To be honest, I don't see much disadvantage for the second option. The
> bad guys could be furiously looking for security exploits in our
> software at *any* time. They don't have to wait until some signal tells
> them that there is possibly some problem that is being worked on. They
> probably would not discover the same issue anyway, although they might
> discover some other exploits!
Another disadvantage of option #2 is that we need to stop pushing as
long as we work on a security branch. Remember we needed to wait for
several months until we could release the port randomization patch two
years ago. Of course, in some initial stages of the patch development
it may be completely hidden in a specific developer's private
repository. But we'll eventually need to push it somewhere for peer
review, testing, etc.
---
JINMEI, Tatuya
More information about the bind10-dev
mailing list