CAcert Code Development list.

[Ian G <iang AT cacert.org>]

On 3/02/2015 22:30 pm, Benny Baumann wrote:
> Thus: What you do while WIP is your business, but the versions effective
> to our members should require established version control.


On the other hand... it does occur that there is one other risk. The 
crit system has to display the content of the policy to the users in the 
event of a new registration, or otherwise make it available.  It has to 
get the "right" one and it has to make sure that it has no nasty stuff 
injected into it.  In effect the high-sec site is displaying content 
from a medium-sec site, and therefore disturbing the security perimeter.

We (policy group and members and arbitration) will pick up the first 
risk.  However the second risk probably means that crit system has to 
scrub the file every time it brings it in.  Or cache it.  Or scrub & 
hash it.  Or...

Hmm, maybe this is overthinking it, maybe crit-system can simply display 
a link.

Maybe Policy is not the right group for this, CC to devel.

iang