Reply-To: kernel-hardening@lists.openwall.com
Message-ID: <510A8F11.6050908@linux.vnet.ibm.com>
Date: Thu, 31 Jan 2013 10:34:41 -0500
From: Corey Bryant
Subject: [kernel-hardening] Secure Open Source Project Guide
To: kernel-hardening@lists.openwall.com
Cc: Anthony Liguori, Frank Novak, George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II

In light of events like this http://lwn.net/Articles/535149/ "China, GitHub and the man-in-the-middle (Greatfire)", we are thinking that a guide for securing open source projects is needed. For example, recommending that pull requests or commits be PGP signed is one of the things we've discussed that could defend against a MITM attack inserting malicious code.

Does anyone have any thoughts as to where we could publish such a guide? Perhaps the Linux Foundation?

I believe we have the resources on this mailing list to work through the details and put together a succinct guide that we could take to a wider audience.

--
Regards,
Corey Bryant
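As an added example (not part of this message or of any project's code), here is the kind of check a maintainer could run over a repository's history to enforce the signed-commit recommendation above: it reads git's signature status and key fields and flags commits that are unsigned, badly signed, or signed by a key not on the project's allow-list. The git command, the allow-list and the sample log lines are assumptions constructed for the example.

```python
"""Audit git history for commits not signed by an allowed PGP key.

Assumes the line format produced by
  git log --format='%H%x09%G?%x09%GK%x09%s' <range>
where %G? is git's signature status code and %GK the signing key id.
"""
import subprocess

# git's %G? status codes as documented in git-log(1)
STATUS_TEXT = {
    "G": "good signature", "B": "bad signature",
    "U": "good signature, untrusted key", "X": "good signature, expired",
    "Y": "good signature, expired key", "R": "good signature, revoked key",
    "E": "cannot check signature (missing key)", "N": "no signature",
}
ACCEPTABLE = {"G"}  # policy: only good signatures from trusted keys pass


def parse_log_line(line):
    """Split one tab-separated log line into its four fields."""
    sha, status, key, subject = line.rstrip("\n").split("\t", 3)
    return {"sha": sha, "status": status, "key": key, "subject": subject}


def audit(lines, allowed_keys):
    """Return [(sha, reason)] for every commit that violates the policy."""
    violations = []
    for line in lines:
        c = parse_log_line(line)
        if c["status"] not in ACCEPTABLE:
            violations.append((c["sha"], STATUS_TEXT.get(c["status"], "unknown status")))
        elif c["key"] not in allowed_keys:
            violations.append((c["sha"], "signed by unlisted key " + c["key"]))
    return violations


def git_log_lines(repo, rev_range):
    """Produce the expected lines from a real repo (needs git and the signers' public keys)."""
    cmd = ["git", "-C", repo, "log", "--format=%H%x09%G?%x09%GK%x09%s", rev_range]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout.splitlines()


# Constructed sample lines (placeholder hashes and key ids, not real commits)
ALLOWED_KEYS = {"ABCDEF0123456789"}
SAMPLE = [
    "c1\tG\tABCDEF0123456789\tnet: fix checksum handling",
    "c2\tN\t\tdrivers: add vendor blob",
    "c3\tG\t1111222233334444\tbuild: tweak flags",
    "c4\tB\tABCDEF0123456789\tcore: refactor",
    "c5\tU\t5555666677778888\tdocs: typo",
]

if __name__ == "__main__":
    for sha, reason in audit(SAMPLE, ALLOWED_KEYS):
        print(f"{sha}: {reason}")
```

Wiring `audit(git_log_lines(repo, "origin/master..HEAD"), ALLOWED_KEYS)` into pre-merge CI turns the recommendation into an enforced gate rather than a convention.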