
Mailing List Archive
Re: [tlug] Subsidized FIDO U2F security keys
Curt Sampson writes:
> While they have, you want to be very careful about what the GitHub
> folks say when they talk about security.
Yeah, I talked to two GitHub guys at PyCon in April. Guy 1 is a
security guy, but *his* job is "tiger team", i.e., auditing and breaking
security and then telling the site implementers (and their managers
;-) what needs to be fixed. (BTW, he's the one who's using Python and
does not want to go back to Ruby.) Guy 2 is an implementer (using
Ruby, of course), and he only knows what Guy 1 tells him about
security, he says. I imagine marketing (the folks who write the blogs
;-) is even more confused.
I doubt GitHub is less secure than the average web service, but it
does give one pause. Don't believe everything you read on the
Internet!