On Thu, 2007-08-23 at 07:47 -0600, Mark A. Carlson wrote:
> I don't think we should be making examples of cases,
> nor forcing each one to invent their own approach.
If that's the case then we should just pack up and go home, because all
a project team needs to get approval from us is to assert ETOOHARD
enough times to wear us down.
The first user of a new facility will be copied, so it should get the
details right.
> I believe we can say that the read protection provided by 2007/177
> meets the spirit of the policy until we change or abolish the policy
> itself.
It's not our policy, so "we" (PSARC) cannot unilaterally change or
abolish it.
> Lame reversible obfuscation sounds like "security through obscurity"
> to me.
The policy specifically calls for obfuscation as an alternative when
stronger measures aren't possible. It's not for us to unilaterally
interpret the policy to delete that provision.
- Bill
