[Tails-l10n] Translation platform security and threat model …

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: Tails localization discussion
Anciens-sujets: Re: [Tails-l10n] Discuss our translation infrastructure - needs your input
Sujet: [Tails-l10n] Translation platform security and threat model [Was: Discuss our translation infrastructure - needs your input]
Hi,

[splitting this thread into per-topic sub-threads]

u wrote (28 Mar 2015 18:23:42 GMT) :
> intrigeri:


>>> * be a secure platform
>>
>> What does this mean?


> A platform which has been audited or tested enough to avoid malicious
> injections I guess.


I'm not sure I understand what's the threat model here.

Is it about attackers modifying translated strings without being
registered as translators, or anything else?

IMO, either the vague "secure" requirement is simply dropped, or it
needs to be clarified quite a bit before it can be actionable.

If nobody feels like doing the threat modeling work, I can personally
live with simply dropping it, on the grounds that it's probably easy
enough to inject dangerous translations via social engineering, and
I don't see how we can protect ourselves from such attacks while still
accepting translations for a wide range of languages.

Cheers,
--
intrigeri