[Tails-l10n] Translation platform security and threat model …

このメッセージを削除

このメッセージに返信
著者: intrigeri
日付:  
To: Tails localization discussion
古いトピック: Re: [Tails-l10n] Discuss our translation infrastructure - needs your input
題目: [Tails-l10n] Translation platform security and threat model [Was: Discuss our translation infrastructure - needs your input]
Hi,

[splitting this thread into per-topic sub-threads]

u wrote (28 Mar 2015 18:23:42 GMT) :
> intrigeri:


>>> * be a secure platform
>>
>> What does this mean?


> A platform which has been audited or tested enough to avoid malicious
> injections I guess.


I'm not sure I understand what's the threat model here.

Is it about attackers modifying translated strings without being
registered as translators, or anything else?

IMO, either the vague "secure" requirement is simply dropped, or it
needs to be clarified quite a bit before it can be actionable.

If nobody feels like doing the threat modeling work, I can personally
live with simply dropping it, on the grounds that it's probably easy
enough to inject dangerous translations via social engineering, and
I don't see how we can protect ourselves from such attacks while still
accepting translations for a wide range of languages.

Cheers,
--
intrigeri