[opam-devel] [ocaml-infra] expiration SSL certificate

David Sheets sheets at alum.mit.edu
Tue Sep 13 12:09:16 BST 2016


On Tue, Sep 13, 2016 at 12:02 PM, Daniel Bünzli
<daniel.buenzli at erratique.ch> wrote:
> Frankly simply don't use the wrong tools; I don't claim there are no bugs in jsonm but at least it doesn't try to be insecure by design.

I still don't think you've demonstrated insecurity (except perhaps your own).

> I think that if you are implementing security infrastructure you should be careful about these details; as far as I'm concerned not doing so casts some doubts on your ability to actually implement these things.

I think the author of the library might like to understand more about
why you think this might be a problem so that they can correct it.
Telling them is certainly more effective (and socially responsible)
than spreading FUD on an unrelated mailing list.


More information about the opam-devel mailing list