5 Nov
2018
5 Nov
'18
3:59 p.m.
On 05/11/2018 13:05, Langer, Christoph wrote:
Hi Alan, all,
I’d welcome a discussion, for sure. Unfortunately there hasn’t been so much participation in this yet. I think this is an item where it’s hard to have a clear opinion and where it’s difficult to oversee all implications it might have.
Who’d be willing to have a look from security perspective?
I think you'll need to do a write-up of the overall proposal so that folks can jump in and point out the implications. It's not easy to do this in a code review of a small piece of the solution. I suspect that security-dev will be interested in the details for signed JARs as I don't think the current proposal prevents tampering of the file permissions. -Alan.