[Libre-soc-dev] daily kan-ban update 13oct2022
Jacob Lifshay
programmerjake at gmail.com
Thu Oct 13 09:20:31 BST 2022
On Thu, Oct 13, 2022, 00:30 lkcl via Libre-soc-dev <
libre-soc-dev at lists.libre-soc.org> wrote:
> i also removed the unauthorised additions of "security changes
> and work deemed suitable for security purposes" from the cryotoprimitives
> MoU and task list.
>
uuh, i don't recall there being any such task...also you reviewed the MoU
before we submitted it and iirc you said it was fine, i have not modified
it since then.
>
> i specifically told you jacob that from experience the amount
> of time that will take will be 5 to 10x longer than the available
> budget and place us at risk from both being sued for
> misrepresentation as well as placing the project at risk of
> noncompletion.
>
security doesn't necessarily mean designed to be resistant to all
side-channels (which are the harder parts that you keep complaining about
and imho overreacting to anything that could possibly be construed as
having side-channel-resistant code even if it's trivial or incidental or
totally unrelated -- e.g. bitwise AND is timing side-channel resistant in
any reasonable non-asynchronous cpu). e.g. security can be as simple as
implementing a digital signature algorithm such as RSA or ECDSA or checking
that your username is in the allowed list.
Jacob
More information about the Libre-soc-dev
mailing list