Subject: Re: Upcoming security model abstraction
To: Elad Efrat <elad@netbsd.org>
From: Travis H. <solinym@gmail.com>
List: tech-security
Date: 09/03/2006 05:31:01
On 8/24/06, Elad Efrat <elad@netbsd.org> wrote:
> Due to it being spread across multiple files and quite big in size, I've
> placed it all online:
>
>         http://www.bsd.org.il/netbsd/secmodel/

This directory seems to have disappeared.

BTW, I'm willing to help at the design level of BPG and a secure update
model for packages/ports/etc.  I don't think I'll have time to help with the
implementation though.

I don't know what the licenses on the modules are, but consider using a
HLL for _userland_ security tools that interact with the network or process
untrusted data.  The opportunity for a variety of implementation-related
vulnerabilities is thereby avoided.  If you use a widespread package for
the low-level implementation like openssl (isn't that capable of doing
signatures and it's already in userland isn't it?) then you can avoid all
the hassle and error-prone bit-diddling and spend your time on
protocol-level stuff, often with an order-of-magnitude reduction in
lines-of-code.  I use python myself but hear good things about ruby
from the bilingual people I know.  If you want to get really crazy,
consider a (mostly) functional language like ocaml.  Then you
completely avoid worrying about flow-of-control and the subtle
problems that can arise therein (e.g. the problem of testing every code
path, the hidden bugs that lurk in infrequently-used code paths,
off-by-one errors in loops and getting the sense of the test wrong).
-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
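As an added illustration of the split Travis recommends (openssl does the signature math, the high-level language handles the protocol layer of a package update), here is a small Python sketch that is not part of the original thread or of any NetBSD/BPG code; the manifest format, the file names and the openssl invocation are assumptions.

```python
"""Secure-update check in a HLL: openssl does the signature math, Python
does the protocol-level work (manifest parsing, per-file hash checks)."""
import hashlib
import hmac
import subprocess
from typing import Dict, List

# Assumed manifest format (not from the thread): "<sha256 hex>  <relative path>" per line.

def build_manifest(files: Dict[str, bytes]) -> bytes:
    """Packager side: hash every file into a manifest that the publisher then signs."""
    lines = [f"{hashlib.sha256(data).hexdigest()}  {path}"
             for path, data in sorted(files.items())]
    return ("\n".join(lines) + "\n").encode("ascii")

def parse_manifest(data: bytes) -> Dict[str, str]:
    """Client side: parse strictly; a malformed or duplicate line rejects the whole manifest."""
    entries: Dict[str, str] = {}
    for lineno, raw in enumerate(data.decode("ascii").splitlines(), 1):
        if not raw.strip():
            continue
        parts = raw.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line {lineno}")
        digest, path = parts[0].lower(), parts[1].strip()
        int(digest, 16)  # raises ValueError on a non-hex digest
        if path in entries:
            raise ValueError(f"duplicate entry for {path} at line {lineno}")
        entries[path] = digest
    return entries

def signature_ok(manifest: bytes, sig_path: str, pubkey_path: str) -> bool:
    """Delegate the detached-signature check to the openssl CLI (assumed installed).
    openssl dgst reads the manifest from stdin and exits 0 only on 'Verified OK'."""
    proc = subprocess.run(["openssl", "dgst", "-sha256", "-verify", pubkey_path,
                           "-signature", sig_path], input=manifest, capture_output=True)
    return proc.returncode == 0

def check_files(entries: Dict[str, str], files: Dict[str, bytes]) -> List[str]:
    """Compare delivered files against an already signature-verified manifest.
    Reports hash mismatches, listed-but-missing files and unlisted extras."""
    problems: List[str] = []
    for path, expected in entries.items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif not hmac.compare_digest(hashlib.sha256(files[path]).hexdigest(), expected):
            problems.append(f"hash mismatch: {path}")
    problems.extend(f"unlisted: {path}" for path in files if path not in entries)
    return problems
```

Call `signature_ok` on the raw manifest bytes before `parse_manifest`; only a manifest whose signature verified is worth parsing or acting on.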