[Tails-dev] Secure development process?

This message is part of the following thread:
Mthe complete thread tree sorted by date
M\ 
MMDavid Stainton at ->
Delete this message

Reply to this message
Author: Bill Cox
Date:  
To: tails-dev
Subject: [Tails-dev] Secure development process?
Sorry to bug this list again about non-tails development, but I wish to
work with several developers on a fork of TrueCrypt this summer. We have
an interesting problem that you guys may know a lot about.

How can we develop secure code when any one of us might be secretly
attempting to insert a back door? Also, how can we develop the code in a
secure environment without having to worry that someone other than us has
modified all our git repositories without our knowledge? Currently, we
just have a couple of repos on github, which is probably foolish. What
steps to you guys take to securely develop Tails?

The process I'm thinking about would be something like:

- Set up a git server off-shore, running in a physically secure location,
with only one system admin that hopefully we can trust (wont be me - I'm in
the US)
- Give everyone git access only, using ssh keys.
- Every code update should be reviewed by every developer

Is this the right track? Is it enough? I am beginning to understand why
the original TrueCrypt devs decided to be anonymous. If "they" don't know
what your up to, "they" probably wont interfere. We're trying to do this
development without any anonymous developers.

Thanks,
Bill
This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] FIx Bug #7344 Double-clicking on an entry in the language or keyboard layout lists is not enoughRe: [Tails-dev] Secure development process?->
lists.autistici.org administrated by postmasterLurker (version 2.3)