[OWASP-wiki-editors] [phpsec] confidentialString function uses hard-coded key (#108)

johanna curiel curiel johanna.curiel at owasp.org
Fri Nov 20 17:00:01 UTC 2015


Regarding inactive projects in OWASP GitHub, it is wise to set up an inactive
label too, I agree
https://github.com/OWASP/OWASP-WebScarab/blob/master/README

On Fri, Nov 20, 2015 at 12:56 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi @owaspjocur <https://github.com/owaspjocur>
>
> I think they are all wise moves. It does sound, however, like this code
> will remain public in the OWASP namespace (just with labels of being
> inactive). The project you linked has no label of inactivity on its GitHub
> page (https://github.com/OWASP/OWASP-WebScarab).
>
> Unfortunately, not everybody reads TODO files and not everybody checks
> your wiki pages. Also, every code file in this repository has been indexed
> by Google.
>
> How will you guarantee that nobody ever stumbles across this code and uses
> it in their project?
>
> Regards,
>
> Andrew
>
>
> *Andrew:*
>
> I have cc'd Claudia, who can bring this discussion to a higher level.
>
> If you have a formal request to take down the library from the OWASP GitHub
> repository, please make a formal request to Claudia, who can further take
> this issue up with the staff, as they control the GitHub account.
>
>
> We have also recently discussed setting a higher level for accepting
> defender libraries, as there are many risks associated with using insecure
> libraries.
>
> Regards
>
>
> Johanna
>
> On Fri, Nov 20, 2015 at 12:51 PM, Andrew Carter <notifications at github.com>
> wrote:
>
>> Hi @owaspjocur <https://github.com/owaspjocur>
>>
>> I think they are all wise moves. It does sound, however, like this code
>> will remain public in the OWASP namespace (just with labels of being
>> inactive). The project you linked has no label of inactivity on its GitHub
>> page (https://github.com/OWASP/OWASP-WebScarab).
>>
>> Unfortunately, not everybody reads TODO files and not everybody checks
>> your wiki pages. Also, every code file in this repository has been indexed
>> by Google.
>>
>> How will you guarantee that nobody ever stumbles across this code and
>> uses it in their project?
>>
>> Regards,
>>
>> Andrew
>>
>> Reply to this email directly or view it on GitHub
>> <https://github.com/OWASP/phpsec/issues/108#issuecomment-158457583>.
>>
>
>