As with all open-source projects, most people would just silently assume that there's someone "knowing better" working on the document and will hesitate to engage. Including myself :) There's nothing wrong with explicitly asking for help such as in this pull request https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/142
On 04/23/2017 06:08 AM, Aaron Zauner wrote: > Related to the original post: there's been discussion on the changes > suggested by ilf. > > Please contribute over > here: https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133 > > BTW: I also have my doubts about the state of this project at the > time. Very few people have been contributing and reviewing suggested > changes over the past two-or-more years. Unfortunately this is not a > one-off project - it needs maintenance and to be checked regularly for > errors, new findings or possible corrections. Unfortunately I don't > see that happening at any point in the future. I've voiced similar > concern more than two years ago already as people lost interest. I'm > still going through GitHub PRs from time to time, but am mostly > relying on configuration settings shipped by the upstream project or > distribution, hand-picked settings and have been using the Mozilla > cipherstrings (https://wiki.mozilla.org/Security/Server_Side_TLS) for > TLS services for a long time, to be honest. > > Aaron / azet > > On Mon, Nov 28, 2016 at 12:21 PM, L. Aaron Kaplan <[email protected] > <mailto:[email protected]>> wrote: > > > > On 27 Nov 2016, at 21:10, ilf <[email protected] > <mailto:[email protected]>> wrote: > > > > I think the interwebs really needs a project like BetterCrypto. > > > > Thanks :) > > > Unfortunately, this project seems pretty dead to me. > > > > 1. The website https://bettercrypto.org/ has 8 posts: 1 in 2013, > 5 in 2014, and 2 in 2015. There have been no updates in over 2.5 > years. > > > > Well, it's not dead. I think there is simply a pause with the > authors . > One main contributor was gone now for nearly half a year. > > But, we definitely do intend to continue and adapt the guide the > the lastest developments. > This guide is also quite important for the authors for their own > work (it's easy to look up current best practices). > So, I would not worry about the future. > A pause is a pause and not automatically death :) > > > 2. There have been a few updates in the repository, but only 4 > in the last 6 months: > https://git.bettercrypto.org/ach-master.git/shortlog > <https://git.bettercrypto.org/ach-master.git/shortlog> > > > > 3. The XMPP GroupChat advertised on > https://bettercrypto.org/contribute/ > <https://bettercrypto.org/contribute/> is empty. > > > > 4. This list has about 1 thread per month. In August, one of > those treads was a complaint about not receiving feedback. > > > > So: Is this thing still alive? > > Yes. > > > > > If yes: Let's show some enthusiasm, update the website, submit a > lightnening talk at 33C3, debate, and work! > > > So, guess what - a lightning talk at CCC is definitely in the > making :) > Me and Pepi will be there. > > > If no: Maybe it's time to shut this down? We're talking about > crypto recommendations here, that stuff gets old quickly (bitrot, > technical debt). > > > > What do you think? > > > > My original question was: I have written a recommendation for > ssh_condig and sshd_config for OpenSSH 7.3. Where do I submit > this? GitHub? THis list? > https://git.bettercrypto.org/ach-master.git > <https://git.bettercrypto.org/ach-master.git>? > > > Github pull request. > Discussions are on this list. > > Best, > a. > > > > -- > // CERT Austria > // L. Aaron Kaplan <[email protected] <mailto:[email protected]>> > // T: +43 1 505 64 16 78 <tel:%2B43%201%20505%2064%2016%2078> > // http://www.cert.at > // Eine Initiative der NIC.at Internet Verwaltungs- und Betriebs GmbH > // http://www.nic.at/ - Firmenbuchnummer 172568b, LG Salzburg > > > _______________________________________________ > Ach mailing list > [email protected] <mailto:[email protected]> > http://lists.cert.at/cgi-bin/mailman/listinfo/ach > <http://lists.cert.at/cgi-bin/mailman/listinfo/ach> > > > > > _______________________________________________ > Ach mailing list > [email protected] > http://lists.cert.at/cgi-bin/mailman/listinfo/ach -- Paweł Krawczyk +44 7879 180015
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
