On 2015-11-26 11:07 AM, Thomas Zimmermann wrote:
I haven't followed the overall discussion closely, but
This is not OK.
Does anyone here actually think that the team that's been busting their
asses over this for months _doesn't_ have better information and more
insight into this problem than what you've come up with after thinking
about it for five minutes? That all the data they've gathered, all the
experience and expertise they're bringing to bear on this problem are
just sitting in a box in the corner somewhere while they daydream how
much fun it is to write security-critical software and brush off our
users' rights and developer community's needs?
Really?
Stillman wrote some new code and put it through a process meant to catch
problems in old code, and it passed. That's unfortunate, but does it
really surprise anyone that security is an evolving process? That it
might be full of hard tradeoffs? There is a _huge_gap_ between "new
code can defeat old security measures" and "therefore all the old
security measures are useless". It's an even bigger step from there to
the implication that people working on this either haven't thought about
it already, or just don't care.
We're bad at communications, I get that, but maybe we could all talk to
someone on that team for ten minutes before telling them how to do their
jobs. Ask them about their reasoning, what decisions they made and why,
what the tradeoffs were. I have, and watching the discussion in this
thread is like watching someone tell Jason Bourne he should tie his
shoes and look both ways before crossing the street. It would be
hilarious if I didn't know for a fact that it's insulting and
demoralizing to really smart people who've worked hard and cared
intensely about Mozilla's users and developers for a long, long time.
- mhoye
_______________________________________________
dev-platform mailing list
https://lists.mozilla.org/listinfo/dev-platform