A process for reporting security-sensitive issues
adam at well-typed.com
Fri Sep 4 05:50:12 UTC 2015
On 03/09/15 08:22, Michael Smith wrote:
> I feel there should be some process for reporting security-sensitive issues
> in GHC -- for example, #9562 and #10826 in Trac. Perhaps something like the
> SensitiveTicketsPlugin  could be used?
>  https://ghc.haskell.org/trac/ghc/ticket/9562
>  https://ghc.haskell.org/trac/ghc/ticket/10826
>  https://trac-hacks.org/wiki/SensitiveTicketsPlugin
Thanks for raising this. While I see where you are coming from, I'm
going to argue against it, because I think it creates a false impression
of the security guarantees GHC provides. Such a process may give the
impression that there are people directly tasked with handling such
security bugs, which is not currently the case.
I think it is unreasonable for the security of a system to depend on GHC
having no type soundness bugs, particularly since GHC is actively used
for developing experimental type system features. #9562 has been open
for a year and we don't have a good solution.
Relatedly, I think the Safe Haskell documentation should prominently
warn about the existence of #9562 and the possibility of other type
soundness bugs, like it does for compilation safety issues.
What do others think?
Adam Gundry, Haskell Consultant
Well-Typed LLP, http://www.well-typed.com/
More information about the ghc-devs