[OWASP-wiki-editors] [phpsec] confidentialString function uses hard-coded key (#108)

johanna curiel curiel johanna.curiel at owasp.org
Fri Nov 20 16:56:39 UTC 2015


Hi @owaspjocur <https://github.com/owaspjocur>

I think they are all wise moves. It does sound, however, like this code
will remain public in the OWASP namespace (just with labels of being
inactive). The project you linked has no label of inactivity on its GitHub
page (https://github.com/OWASP/OWASP-WebScarab).

Unfortunately, not everybody reads TODO files and not everybody checks your
wiki pages. Also, every code file in this repository has been indexed by
Google.

How will you guarantee that nobody ever stumbles across this code and uses
it in their project?

Regards,

Andrew


*Andrew:*

I have cc'd Claudia, who can bring this discussion to a higher level.

If you have a formal request to take down the library from the OWASP GitHub
repository, please make a formal request to Claudia, who can further take
this issue up with the staff, as they control the GitHub account.

We have also recently discussed setting a higher level for accepting
defenders libraries, as this has many risks associated with using insecure
libraries.

Regards


Johanna

On Fri, Nov 20, 2015 at 12:51 PM, Andrew Carter <notifications at github.com>
wrote:

> Hi @owaspjocur <https://github.com/owaspjocur>
>
> I think they are all wise moves. It does sound, however, like this code
> will remain public in the OWASP namespace (just with labels of being
> inactive). The project you linked has no label of inactivity on its GitHub
> page (https://github.com/OWASP/OWASP-WebScarab).
>
> Unfortunately, not everybody reads TODO files and not everybody checks
> your wiki pages. Also, every code file in this repository has been indexed
> by Google.
>
> How will you guarantee that nobody ever stumbles across this code and uses
> it in their project?
>
> Regards,
>
> Andrew
>
> Reply to this email directly or view it on GitHub
> <https://github.com/OWASP/phpsec/issues/108#issuecomment-158457583>.
>