[haiku-development] Re: Design for signed packages

  • From: Jonathan Schleifer <js-haiku-development@xxxxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Thu, 27 Mar 2014 15:00:13 +0100

On 27.03.2014 at 14:24, Stephan Aßmus <superstippi@xxxxxx> wrote:

> I am sorry you are frustrated and carried through with this reaction. You had 
> announced your intended deletion in IRC last night, and even though Axel and 
> myself (maybe more) told you there is no general objection against anything 
> security-related and you might read something into replies which was not 
> intended by their authors, you decided to delete your branch anyway.

The branch only had Ed25519 integrated into the Haiku source and some Ed25519 
modifications, plus it needed more modifications to be usable, so it was not 
really worthwhile to keep it if I don't plan to continue working on it.

I still have it locally if someone wants it, but I really doubt that it's of 
much use.

> Why do you even start a discussion when you are not prepared to face 
> different views both on what makes the most sense, what is needed and how to 
> implement it technically?

I hoped to get technical feedback on the design with suggestions on how to 
improve it, getting potential flaws pointed out, etc. Not to start a general 
discussion about whether we want security or not.

I didn't think that I would spend more time justifying myself why I want signed 
packages than actually implementing it. If I would have spent all that time 
that I had to justify myself, we'd already have package signing.

> The way I see it, you got many serious replies, mostly from Ingo, but also 
> Axel, about how best to implement it and what makes the most sense. 
> Additionally, you got some replies from some people who would not like to be 
> forced to use Haiku in certain ways only. There was even already a thread in 
> the discussion to separate things for which there is consensus from things 
> still needing discussion. Now you throw it all away.

The replies from Ingo and Axel were indeed appreciated, however, the discussion 
quickly turned out to be more of a general "Security is pointless, don't bother 
us with it" thread, which really completely destroyed my motivation on making 
Haiku more secure. If I'm the only one really caring about security, I might as 
well give up, especially if people clearly state they don't want any security.

> I really don't understand your reaction. To me it feels like you forced this 
> outcome even after there was clearly no basis for it anymore.
> 
> That being said, my impression of the /tone/ in this discussion is that it 
> was unnecessarily abusive and thick with irony. Along the lines of... uhm - 
> do you really believe this... well it's stupid because of this and that...
> 
> But this came from you as much as from anybody. If someone thinks there is a 
> flaw in the line of thought from someone else, I think it can be pointed out 
> without insulting the other's intelligence.

True. But you also have to keep in mind that we work on Haiku on things that 
are fun for us. But there's no fun for me anymore in developing package signing 
after spending more time defending myself than actually writing code. The last 
few replies were what finally took my motivation.

--
Jonathan
