[libre-riscv-dev] web-of-trust for code reviews to manage trusting dependencies

Luke Kenneth Casson Leighton lkcl at lkcl.net
Tue Aug 27 12:29:48 BST 2019


I found the location to which the security audit and design contributions -
some of them - had been pathologically shunted and ignored by Mozilla B2G.

I found out later that Mozilla has a decades long standing track record of
ignoring security advice by experts.

I provided *seven* extremely important reasons why SSL is a failure for use
as a package distribution method.

Response: SSL was used as the B2G package distribution method.

Fortunately, B2G was a failure due to excessive CPU utilisation, down to
overdesign and reliance on javascript bindings to latency-sensitive APIs.

whoops :)


crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68

More information about the libre-riscv-dev mailing list