[Libre-soc-dev] daily kan-ban update 13oct2022

[lkcl]

i trusted you to listen to what i said: under no circumstances put "security" on the MoU, in any way shape or form.

having trusted you to do what i specifically asked i did not
have time to read it through in detail.

i have now been forced into the position of urgently writing to
michiel to request a change to the SIGNED MoU.

why did you not listen to what i said?

your failure to listen places all of us at risk.






On October 13, 2022 9:20:31 AM GMT+01:00, Jacob Lifshay <programmerjake at gmail.com> wrote:
>On Thu, Oct 13, 2022, 00:30 lkcl via Libre-soc-dev <
>libre-soc-dev at lists.libre-soc.org> wrote:
>
>> i also removed the unauthorised additions of "security changes
>> and work deemed suitable for security purposes" from the
>cryotoprimitives
>> MoU and task list.
>>
>
>uuh, i don't recall there being any such task...also you reviewed the
>MoU
>before we submitted it and iirc you said it was fine, i have not
>modified
>it since then.
>
>>
>> i specifically told you jacob that from experience the amount
>> of time that will take will be 5 to 10x longer than the available
>> budget and place us at risk from both being sued for
>> misrepresentation as well as placing the project at risk of
>> noncompletion.
>>
>
>security doesn't necessarily mean designed to be resistant to all
>side-channels (which are the harder parts that you keep complaining
>about
>and imho overreacting to anything that could possibly be construed as
>having side-channel-resistant code even if it's trivial or incidental
>or
>totally unrelated -- e.g. bitwise AND is timing side-channel resistant
>in
>any reasonable non-asynchronous cpu). e.g. security can be as simple as
>implementing a digital signature algorithm such as RSA or ECDSA or
>checking
>that your username is in the allowed list.
>
>Jacob