A process for reporting security-sensitive issues
eir at cis.upenn.edu
Fri Sep 4 21:26:45 UTC 2015
I agree with Adam. I've been a little worried about users relying on Safe Haskell, despite #9562. Advertising that Safe Haskell is just a "best effort" (for a rather high bar for "best") but not a guarantee would be nice.
On Sep 3, 2015, at 10:50 PM, Adam Gundry <adam at well-typed.com> wrote:
> On 03/09/15 08:22, Michael Smith wrote:
>> I feel there should be some process for reporting security-sensitive issues
>> in GHC -- for example, #9562 and #10826 in Trac. Perhaps something like the
>> SensitiveTicketsPlugin  could be used?
>>  https://ghc.haskell.org/trac/ghc/ticket/9562
>>  https://ghc.haskell.org/trac/ghc/ticket/10826
>>  https://trac-hacks.org/wiki/SensitiveTicketsPlugin
> Thanks for raising this. While I see where you are coming from, I'm
> going to argue against it, because I think it creates a false impression
> of the security guarantees GHC provides. Such a process may give the
> impression that there are people directly tasked with handling such
> security bugs, which is not currently the case.
> I think it is unreasonable for the security of a system to depend on GHC
> having no type soundness bugs, particularly since GHC is actively used
> for developing experimental type system features. #9562 has been open
> for a year and we don't have a good solution.
> Relatedly, I think the Safe Haskell documentation should prominently
> warn about the existence of #9562 and the possibility of other type
> soundness bugs, like it does for compilation safety issues.
> What do others think?
> Adam Gundry, Haskell Consultant
> Well-Typed LLP, http://www.well-typed.com/
> ghc-devs mailing list
> ghc-devs at haskell.org
More information about the ghc-devs