Author: u Date: To: tails-l10n Subject: Re: [Tails-l10n] Translation platform security and threat model
[Was: Discuss our translation infrastructure - needs your input]
intrigeri: > Hi,
>
> [splitting this thread into per-topic sub-threads]
>
> u wrote (28 Mar 2015 18:23:42 GMT) :
>> intrigeri:
>
>>>> * be a secure platform
>>>
>>> What does this mean?
>
>> A platform which has been audited or tested enough to avoid malicious
>> injections I guess.
>
> I'm not sure I understand what's the threat model here.
>
> Is it about attackers modifying translated strings without being
> registered as translators, or anything else?
>
> IMO, either the vague "secure" requirement is simply dropped, or it
> needs to be clarified quite a bit before it can be actionable.
>
> If nobody feels like doing the threat modeling work, I can personally
> live with simply dropping it, on the grounds that it's probably easy
> enough to inject dangerous translations via social engineering, and
> I don't see how we can protect ourselves from such attacks while still
> accepting translations for a wide range of languages.
>
