On 2017-07-19, Christian Ridderström wrote: ... > ... I would like to ask (not being > optimistic), if there's some design description anywhere?
> I wonder because IMHO security requires a system wide approach and that > it's very easy to screw up if only looking at isolated pieces. Further, it > requires continuity so you know what you initially intended to achieve and > what you consider good enough. Otherwise you might later introduce a new > feature that inadvertently opens up a security whole. Without a system > design, it's also easy to get caught in discussions trying to bandaid a > small hole while missing entire walls missing. > I think this kind of information would be good to gather and store in some > kind of design document, which could just be a text file in the repo. Then > we could add knowledge to this document, and let if include the rationale > behind our choices, as well as letting developers review the system design. I support the suggestion to create such a document and suppose to make it a section in "Development.lyx": + bundled with other project policies and developer documentation + write access for all developers + we can use LyX's version control for to-be-reviewed parts and diverging opinions/comments Günter
