[Libre-soc-dev] daily kan-ban update 13oct2022
luke.leighton at gmail.com
Thu Oct 13 09:26:11 BST 2022
i trusted you to listen to what i said: under no circumstances put "security" on the MoU, in any way shape or form.
having trusted you to do what i specifically asked i did not
have time to read it through in detail.
i have now been forced into the position of urgently writing to
michiel to request a change to the SIGNED MoU.
why did you not listen to what i said?
your failure to listen places all of us at risk.
On October 13, 2022 9:20:31 AM GMT+01:00, Jacob Lifshay <programmerjake at gmail.com> wrote:
>On Thu, Oct 13, 2022, 00:30 lkcl via Libre-soc-dev <
>libre-soc-dev at lists.libre-soc.org> wrote:
>> i also removed the unauthorised additions of "security changes
>> and work deemed suitable for security purposes" from the
>> MoU and task list.
>uuh, i don't recall there being any such task...also you reviewed the
>before we submitted it and iirc you said it was fine, i have not
>it since then.
>> i specifically told you jacob that from experience the amount
>> of time that will take will be 5 to 10x longer than the available
>> budget and place us at risk from both being sued for
>> misrepresentation as well as placing the project at risk of
>security doesn't necessarily mean designed to be resistant to all
>side-channels (which are the harder parts that you keep complaining
>and imho overreacting to anything that could possibly be construed as
>having side-channel-resistant code even if it's trivial or incidental
>totally unrelated -- e.g. bitwise AND is timing side-channel resistant
>any reasonable non-asynchronous cpu). e.g. security can be as simple as
>implementing a digital signature algorithm such as RSA or ECDSA or
>that your username is in the allowed list.