On 06/17/10 11:21 AM, Garrett D'Amore wrote:
On Thu, 2010-06-17 at 10:54 +0100, Darren J Moffat wrote:
My only concern is this paragraph:
The project team reserves the right to revise the exact list of
certificates and/or choose an entirely different source of certificates
at any time without requiring further ARC review.
While ARC may or may not be the best place to review changes to the
certificate list (it probably isn't), I think we should like to know how
revisions will be made -- i.e. who decides when a change is appropriate
and what the change will be? The project team? You? C-Team? P-Team?
I think there should be at least *some* review by some group of people
when something so important to the security of the underlying system is
changed. So I'd like to know more about what is intended here.
And I think understanding what this review would be is part of the
fundamental architecture of the case, so I think it's appropriate to
discuss here.
It seems to me like this is something that the security team should be
able to handle within the team (i.e. during code-review), and
verified during the RTI process. I don't think that this is an
architectural issue, much like the specific list of certificates bundled
with Firefox has never been an architectural issue.
-Seb