[Info-vax] Roadmap
Arne Vajhøj
arne at vajhoej.dk
Thu Jan 3 20:32:24 EST 2019
On 1/3/2019 3:44 PM, Dave Froble wrote:
> On 1/3/2019 3:11 PM, gezelter at rlgsc.com wrote:
>> On Thursday, January 3, 2019 at 1:32:43 PM UTC-5, Simon Clubley wrote:
>>> On 2019-01-03, gezelter at rlgsc.com <gezelter at rlgsc.com> wrote:
>>>> My recommendation would be for an essentially "flat" port, with
>>>> changes deferred to a later point.
>>>>
>>>
>>> The problem with that is that while it can apply to much of VMS,
>>> security is an ever changing goal and VMS needs various things
>>> to be fixed as soon as possible.
>>>
>>> I would also hope VSI isn't exclusively using the Intel hardware
>>> generator by default for security critical functionality.
>> Just to be clear: My reference to "flat" was not a long-term
>> recommendation, but a short-term tactic for the initial boot/EAK.
>>
>> Long-term, there is no shortage of things to be done. However, none of
>> them should detract from the short-term goal of First Boot/EAK.
> As for Simon's concerns, if the possibilities were port with no security
> enhancements, or, no port at all, it might be interesting to see his
> preference. Me, I think the priority is the port, over anything else.
> But what do I know?
There are lots of security enhancements to be made.
But security is not the only area that need enhancements.
And VSI need to get the x86-64 version out to survive financially.
So prioritization need to be made.
I think VSI need to got for the low hanging fruits in the
security area for the first releases and postpone the
more tricky ones to later.
Otherwise they will not make it.
They should focus on what:
* is easy to fix without triggers change all over VMS
* is noted a problems by customers in their security audits
Arne
More information about the Info-vax
mailing list