[Cryptography] Security clearances and FOSS encryption?
Rick Smith, Cryptosmith
me at cys.me
Tue Jul 15 14:56:07 EDT 2014
Does anyone appreciate the irony?
If we wish to exclude people with security clearances from FOSS projects, we need our own process for doing background checks. If the person passes the background check, we issue our own security clearance to work on our project.
Is this what the FOSS community is going to want?
I'd like us to recall earlier discussions - we can't predict which contributors are going to try to subvert our software, even with background checks. How do we cope? The same way we cope with other flaws in the code: we review, test, repeat.
Rick.
More information about the cryptography
mailing list