|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [qubes-devel] Re: Critique of the Xen Security Process
Hello... On 11/10/2015 05:52 AM, Lars Kurth wrote: Hi everyone,firstly I wanted to thank everyone for raising this issue. I wanted to point out that we are not talking about a security process here, but the development process. Or more accurately the cost of writing more secure code and the relative importance of security compared to features. And of course the recent increase of relative importance of "built-in security as a feature" since Snowden.On 9 Nov 2015, at 16:31, Franz <169101@xxxxxxxxx <mailto:169101@xxxxxxxxx>> wrote: Nevertheless, Xen is a creature of interfaces that purport to uphold contracts. These (software engineering, not legal) contracts are explicitly security-themed... the software is promising to isolate processes from each other and protect against privilege escalation. The Xen project itself asserts that it is focused on the security benefits of the hypervisor (to the point of invoking "microkernel" in Xen's description), not mere administrative convenience. What seems to be missing from the defense of Xen project so far in this thread is a level of acknowledgement of this very important aspect of twenty-first century software development: Can you honor what your interfaces communicate to your audience? Its true that some FOSS projects do not care for modern methodologies (which are greatly about concept and mindset), but should Xen be that way? Should Xen project also be a blanket absolution of "blame"? And is the corporate status of some of its contributors a proper justification for being blame-less (perhaps we can think of them like members of 'The Borg')? I think not. This is the trap that FOSS projects most commonly fall into: 'We are free to publish because of liberty, but you are not free to criticize.' Its odd when you think about it. This is the squandering of user motivation and valuable feedback. In fact, throughout 2014 and 2015, the project has received complaints from several large vendors that the Xen Project today is too rigorous with code reviews compared to Linux, KVM... Famous last words before a Heartbleed-scale media circus ensues? I can certainly raise this suggestion with the Advisory Board and see whether we can make some funds available. However, the board has already invested nearly 50% of its entire budget in Test Infrastructure and is planning to continue to spend in this area at roughly this proportion of the projects budget. However, we do not have huge amounts of funds: thus, what we could do with bounties would necessarily be limited.I personally also looked at other ways to change the cost-benefit equation. One example is the Feature Maturity Lifecycle (see http://lists.xen.org/archives/html/xen-devel/2015-11/msg00609.html & http://lists.xenproject.org/archives/html/xen-devel/2015-06/msg01992.html) which aims to use better classification to change behaviour of contributors.I do hope, that this discussion can remain constructive. De-motivating the good work many of our developers (and in particular code reviewers) are doing, is really not helpful in this context. It does seem to me that the suggestion of a Long-Term Support (LTS) release is a constructive one, among the other suggestions that Joanna made. The FML you cite is interesting, but seems to be aimed squarely at developers. You are bound to get better results if the expectations of users change along with developers, so LTS releases may be the better idea. Best Regards Lars _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |