[ocaml-infra] [opam-devel] expiration SSL certificate
David Sheets
sheets at alum.mit.edu
Tue Sep 13 12:09:16 BST 2016
On Tue, Sep 13, 2016 at 12:02 PM, Daniel Bünzli
<daniel.buenzli at erratique.ch> wrote:
> Frankly simply don't use the wrong tools; I don't claim there are no bugs in jsonm but at least it doesn't try to be insecure by design.
I still don't think you've demonstrated insecurity (except perhaps your own).
> I think that if you are implementing security infrastructure you should be careful about these details; as far as I'm concerned not doing so casts some doubts on your ability to actually implement these things.
I think the author of the library might like to understand more about
why you think this might be a problem so that they can correct it.
Telling them is certainly more effective (and socially responsible)
than spreading FUD on an unrelated mailing list.
More information about the Infrastructure
mailing list