...
Key takeaways BSC meeting
- Standardized communication for maps from UM to KM
- Good to have a map level spec around map and data types
- Vicky: How useful outside of L3AF? Would be good to have a de-facto standard.
- Agree, standards would be helpful.
- Louis: Create sub-project to write documents?
- Karan: Does this change for Windows?
- Dave: Believe the answer is no.
- Both use libBPF
- Gatekeeping, security and public repository
- Different types of signing.
- Just because a program is in a public repo - it would be dangerous to install
- Have a private repo and the only thing that pulls from a public repo is one that is trusted by admin
- This isn't like an app store - this is kernel stuff
- Karan: Could we allow only trusted sources to put stuff into a public repo
- Dave: That would not change the security situation because trust is not transitive.
- Karan: Could we have a hybrid model?
- Dave: The BSC might go along with this, but I don't recommend it.
- Vicky: Experience does not bear out trusting public repositories.
- Incredibly rife with situations where security issues arise. We need the possibility for people to have private models
- If we don't set up the pubilc repo then someone else will. We should do it so that we can at least have some safeguards for security.
- At the same time users should do their own testing and evaluation.
- Standardized communication for maps from UM to KM
Action Items
- LJ Illuzzihave draft working documents ready for LFN Induction meeting on 01/25, including proposed timeline
...