On 29-Jan-09, at 6:53 AM, Ben Bucksch wrote:
On 27.01.2009 05:20, Gervase Markham wrote:
https://bugzilla.mozilla.org/show_bug.cgi?id=475473
filed to create mozilla.dev.security.policy. And please let's not
have a
bikeshed discussion about the name.
Sorry to do just that, but I think it's more than bikeshed:
I do not think that CA policy discussion belongs in .security (or
anything near it). I think that crypto and security are two distinct
things: crypto protects communication, while security protects my
systems. Crypto is about SSL, S/MIME. Security is about bugs/holes
and application update.
(Only caveat: phishing doesn't really belong in either group. It's
usually handled in security, although it's about communication.)
Crypto is generating a lot of discussion, but I personally think
that security should not be deluded by the many crypto discussions.
So, I propose both a m.d.crypto.policy and a m.d.security.policy. CA
policy would be discussed in m.d.crypto.policy.
I understand the taxonomy you're describing, but I don't think our
newsgroup names really need to reflect that subtlety. I suspect that
new contributors interested in CA policy issues will not find
security.policy to be an unintuitive locale, and given that the
newsgroup doesn't exist yet, I'm not very worried that, for instance,
the CA policy discussions will overwhelm other security policy
discussions there.
I guess what I'm saying is that we shouldn't over-engineer this up
front. security.policy can take the policy load off of m.d.t.c, which
I think we all see the value in. If, in time, it becomes such a
flourishing community of policy discussion that we need to split it, I
would consider that a first-class problem to have. In the meantime, my
concern is that we not bifurcate a group that, until last week, we
didn't have in the first place.
Cheers,
Johnathan
---
Johnathan Nightingale
Human Shield
john...@mozilla.com
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
