[Bf-committers] "Security" gets in the way
jonathan d p ferguson
jdpf.plus at gmail.com
Fri Apr 30 20:56:36 CEST 2010
hi.
All:
I have commented extensively about the present Blender Security Model. See:
http://lists.blender.org/pipermail/bf-committers/2010-March/026604.html
http://lists.blender.org/pipermail/bf-committers/2010-March/026615.html
I helped Leif to write up his GSOC proposal for a Security model that is abstracted away from interpreter/ API implementation constraints, which the current discussion seems mired in. PyPy, Lua, et al are not the root of the problem, and any such implementation would be necessarily constrained.
The root of the problem is well articulated in the idea of Trust. Happily there are well proven ways to represent trust algorithmically. These ways are well established and adopted by the Free Software community at large. I plead with you all to learn about GnuPG, and the Web Of Trust (see above messages, including extensive citations to which you are invited to read).
Ton, and Tom, please include me in the list of contributors for the Blender Security working group.
Thanks.
have a day.yad
jdpf
On Apr 30, 2010, at 8:06 AM, Ton Roosendaal wrote:
> Hi all,
>
> As a reminder: IRC meetings are open for everyone. We report on
> progress, define actions and planning, and make decisions when needed.
> Meetings are not meant for discussions, for that this list or any time
> outside meetings is better suited.
>
> Decisions are 'in consensis' by default, or at least should be
> supported by the active maintainers of this part of the code.
>
> A solution for this issue would be to appoint a small team to look
> into this issue, and come with a proposal. This team should consist of
> active developers/contributors/documentors, and be at least
> representative for the code or module maintainers. Everyone here has
> had a chance to reflect opinions and that's loud and clearly heard
> already. Next step is just accepting a roadmap how to progress, and
> move on. :)
>
> -Ton-
>
> ------------------------------------------------------------------------
> Ton Roosendaal Blender Foundation ton at blender.org www.blender.org
> Blender Institute Entrepotdok 57A 1018AD Amsterdam The Netherlands
>
> On 30 Apr, 2010, at 8:29, Benjamin Tolputt wrote:
>
>> Campbell Barton wrote:
>>> Best bring this up next meeting and come to some consensus. I wasn't
>>> in IRC for the decision either :)
>>>
>>
>> Interesting to note :)
>>
>>> However I'm going away this weekend, can make it for the next one
>>> though (May 9th).
>>>
>>
>> Is this a meeting that would be open to other participants? I assume
>> that there are meetings the general public do not attend, but being on
>> IRC - this would be something interested parties can speak at?
>>
>>> Don't think this is urgent, can wait a week or two, would rather this
>>> be a meeting topic so we can formalize what is done, rather then some
>>> devs agreeing on IRC.
>>>
>>
>> This is not that urgent, no. Any immediate changes would still wait
>> for
>> the official Blender 2.5/2.6 release before getting into the hands of
>> the public, and that is some time away. Any non-immediate changes (on
>> the wild, off-chance something drastic is accepted as worth looking
>> into) will need to wait until after said release. In any case, I doubt
>> two weeks are going to matter much either way. Two to three years on
>> the
>> other hand might be asking too much ;)
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
More information about the Bf-committers
mailing list