[Tails-l10n] Translation platform security and threat model …

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Dla: Tails localization discussion
Stare tematy: Re: [Tails-l10n] Discuss our translation infrastructure - needs your input
Temat: [Tails-l10n] Translation platform security and threat model [Was: Discuss our translation infrastructure - needs your input]
Hi,

[splitting this thread into per-topic sub-threads]

u wrote (28 Mar 2015 18:23:42 GMT) :
> intrigeri:


>>> * be a secure platform
>>
>> What does this mean?


> A platform which has been audited or tested enough to avoid malicious
> injections I guess.


I'm not sure I understand what's the threat model here.

Is it about attackers modifying translated strings without being
registered as translators, or anything else?

IMO, either the vague "secure" requirement is simply dropped, or it
needs to be clarified quite a bit before it can be actionable.

If nobody feels like doing the threat modeling work, I can personally
live with simply dropping it, on the grounds that it's probably easy
enough to inject dangerous translations via social engineering, and
I don't see how we can protect ourselves from such attacks while still
accepting translations for a wide range of languages.

Cheers,
--
intrigeri