On Thu, Aug 23, 2012 at 4:51 PM, Mats Palmgren <[email protected]> wrote: > I don't think this obscurity results in any security whatsoever. > Looking at our current use of Try, I believe I could automate > sifting through pushes for security fixes to a point where manually > analyzing the result would be no burden at all.
Maybe so. I'm a little skeptical. But either way, I don't think that very black/white view of security is the most effective way to think about this problem. Rather than asking "is it possible to defeat the security?", I think it's more useful to ask "will the security be defeated in practice, and how often?". There are things that we can do, short of eliminating all use of Try for security bugs, that will make the discovery of security bugs via Try pushes harder, and thus less likely to occur in practice. I think those things are worth exploring because the alternative (forbid all use of try for security bugs) is impossible to enforce and could well end up causing more trouble than it solves. > For this rare case, surely you must have access to all platforms > internally for testing without having to expose the test on Try? Yes, obviously there are alternatives to using the Try Server that could be used in almost all cases. But it remains true that people use Try because it's useful and convenient, and we need to balance that utility and convenience against security - neither should be treated as an absolute requirement. Gavin _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
