Hi Paul,

On Wed, Dec 19, 2012 at 10:47 AM, Paul Eggert <eggert@xxxxxxxxxxx> wrote:
> On 12/18/2012 09:55 PM, Jeffrey Walton wrote:
>>
>> Unfortunately, the folks at Red Hat provided a "proof by counter
>> example" with the recent MySQL 0-days
>
>
> No matter what the security regime is, it will always
> break down. Always. The question is not whether security
> could be improved. Security could always be improved.
> The question is whether it's worth the effort.

Agreed.

> Abstractly, I think Autoconf machinery to support security
> checking is a good idea, but the devil is in the details.

Agreed.

> One good way to help determine whether the proposed change
> to Autoconf is worth the effort is to see whether someone
> is willing to volunteer the work to make the proposed change happen,
> and to donate their change to the FSF. Are you willing
> and able to do that? If not, can you find someone who is?

Well, I work in the "secure software" field (whatever that's worth given the collective failures of the security folks). I am willing to try and help. I've been lurking on the list trying to learn (I don't even use Autoconf - I still write my makefiles by hand).

I'm not sure how much help the FSF will be. Forgive my ignorance, but are FSF and GNU equivalent?

A couple of years ago when Savannah got hacked (January, 2011), I sent an email asking for guidance for projects on security related matters (broadly, secure coding guides, data security and best practices, selection of cryptographic algorithms, and the like). The email was sent to gnu@xxxxxxx (the listed point of contact), and it opened with: "There's two points below that GNU could address. The first is storing plain text passwords. Second is the lack of security topics in 'GNU Coding Standards'." I did not even get a reply.

For completeness, I don't think this is an Autoconf problem. But I was hoping Autoconf (or other friends, such as Automake) could be part of the solution.

I am at wit's end trying to figure out how to put a sizable dent in the problem. I've been putting fires out with garden hoses, and it's not working.

Jeff