Re: [Tails-dev] Secure development process?

Author: David Stainton
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Secure development process?
Like you... I am also curious what the Tails devs have to say about
all this... however I suggest following the principle of least
authority/privilege!

https://en.wikipedia.org/wiki/Principle_of_least_privilege

Why not just use peer review + gpg signed git release tags? Are you
saying that a US hosted git repo will be able to counterfeit git
commits even if you use gpg signed git release tags?... if so then I
don't know what else to suggest.

I fail to see what a non-US hosted git repo would protect against...
and I am also somewhat unfamiliar with the concept of a physically
secure location (secure against drone attacks or other armed
police/military actions or what? Is there such a place?)...
Give everyone git access with ssh because ssh 0-days are more
expensive to purchase than TLS 0-days?


On Thu, Jun 5, 2014 at 12:52 PM, Bill Cox <waywardgeek@???> wrote:
> Sorry to bug this list again about non-tails development, but I wish to work
> with several developers on a fork of TrueCrypt this summer. We have an
> interesting problem that you guys may know a lot about.
>
> How can we develop secure code when any one of us might be secretly
> attempting to insert a back door? Also, how can we develop the code in a
> secure environment without having to worry that someone other than us has
> modified all our git repositories without our knowledge? Currently, we just
> have a couple of repos on github, which is probably foolish. What steps do
> you guys take to securely develop Tails?
>
> The process I'm thinking about would be something like:
>
> - Set up a git server off-shore, running in a physically secure location,
> with only one system admin that hopefully we can trust (won't be me - I'm in
> the US)
> - Give everyone git access only, using ssh keys.
> - Every code update should be reviewed by every developer
>
> Is this the right track? Is it enough? I am beginning to understand why
> the original TrueCrypt devs decided to be anonymous. If "they" don't know
> what you're up to, "they" probably won't interfere. We're trying to do this
> development without any anonymous developers.
>
> Thanks,
> Bill
>
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> Tails-dev-unsubscribe@???.
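
Added example, not part of the original thread or of any poster's code: one way to check the "gpg signed git release tags" suggested in the reply, so that a tag is accepted only when it was signed under a key fingerprint the verifier pinned in advance, whatever server the repository was fetched from. The function names are hypothetical, and the pinned fingerprint is assumed to have been obtained out of band.

```shell
#!/bin/sh
# Added example: accept a release tag only if it is signed by a pinned key.

# Reads gpg status lines on stdin. Succeeds only if a valid signature was
# made under the pinned primary-key fingerprint ($1) and no line flags the
# signature or key as bad, expired or revoked.
status_matches_pinned() {
    # Normalise the pinned value: drop spaces, upper-case the hex digits.
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v pinned="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the key that made the signature (often a subkey);
            # field 12, when present, is the primary key fingerprint.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == pinned) ok = 1
        }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_release_tag <repo-dir> <tag> <pinned-fingerprint>
# "git verify-tag --raw" writes gpg's machine-readable status to stderr,
# which is piped into the check above; an unsigned tag yields no VALIDSIG
# line and is therefore rejected.
verify_release_tag() {
    git -C "$1" verify-tag --raw "$2" 2>&1 >/dev/null |
        status_matches_pinned "$3"
}

# Typical use (fingerprint is a placeholder):
#   verify_release_tag . v1.0 "<fingerprint obtained out of band>" \
#       || echo "tag not signed by the pinned release key" >&2
```

Because the decision rests on the pinned fingerprint rather than on the local keyring's contents, a key that a compromised host persuades the verifier to import does not make a forged tag pass.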