Brendan and I have been doing some thinking about actually defining what
security model we're using. Our current model has a bit of a
neither-fish-nor-fowl aspect to it.
I've written up the two directions we think we could go at
<http://wiki.mozilla.org/Security:Security_Checks_In_Glue> and
<http://wiki.mozilla.org/Security:Scattered_Security_Checks>.
The former model describes a setup close to what Netscape 2-4 had, according to
Brendan. The latter model describes what we _think_ we're doing right now.
Except we're doing a really bad job of it, and I question whether we could ever
really do it effectively. So I personally lean toward the glue model...
In any case, I'd love feedback on these documents, as well as any alternate
proposals for what we should be doing.
-Boris
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
