On Fri, Apr 11, 2014 at 5:38 AM, Russ Allbery wrote: > I don't want, necessarily, to have slower code to make handling corner > cases easier. However, I am generally happy to have slower code in return > for making the system more secure, as long as the speed hit isn't too > substantial. Security is a much bigger problem than performance right now > for most people.
How much of a speed hit is acceptable? Perhaps we should have a secondary archive built using SoftBoundCETS, which possibly has a 50% speed hit according to this talk: http://events.ccc.de/congress/2013/Fahrplan/events/5412.html https://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-_201312271830_-_bug_class_genocide_-_andreas_bogk.html http://acg.cis.upenn.edu/softbound/ http://safecode.cs.illinois.edu/docs/SoftBoundCETS.html -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAKTje6GWF19nPSSTNzJnup+jKvE1DNtzEffHObbN95idL=v...@mail.gmail.com
