On Wed, Jul 19, 2017 at 07:34:59PM +0000, Guenter Milde wrote:
> On 2017-07-19, Christian Ridderström wrote:
>
> > ...
> > ... I would like to ask (not being
> > optimistic), if there's some design description anywhere?
>
> > I wonder because IMHO security requires a system wide approach and that
> > it's very easy to screw up if only looking at isolated pieces. Further, it
> > requires continuity so you know what you initially intended to achieve and
> > what you consider good enough. Otherwise you might later introduce a new
> > feature that inadvertently opens up a security hole. Without a system
> > design, it's also easy to get caught in discussions trying to bandaid a
> > small hole while entire walls are missing.
>
> > I think this kind of information would be good to gather and store in some
> > kind of design document, which could just be a text file in the repo. Then
> > we could add knowledge to this document, and let it include the rationale
> > behind our choices, as well as letting developers review the system design.
>
> I support the suggestion to create such a document and suppose to make it
> a section in "Development.lyx":
>
> + bundled with other project policies and developer documentation
> + write access for all developers
> + we can use LyX's version control for to-be-reviewed parts and diverging
>   opinions/comments
+1

Development.lyx does not have a rigorous structure. If anyone is interested in writing something more formal, then we can reference that file from within Development.lyx.