*** faybrocklebank has joined #trustable | 08:35 | |
*** lc_ has joined #trustable | 09:09 | |
*** lc_ is now known as locallycompact | 09:10 | |
*** laurenceurhegyi has joined #trustable | 09:18 | |
laurenceurhegyi | I have had a stab at the Project Summary here: https://gitlab.com/trustable/overview/wikis/home | 09:34 |
laurenceurhegyi | Any comments/feedback on this are very welcome, of course. | 09:34 |
locallycompact | I don't think it's fair to use subjective in that sense. Subjectivity is essential for classification, reason, etc | 09:45 |
locallycompact | I would say the problem is the opposite | 09:46 |
leeming | "We need to change this, and there currently does not appear to be any work on this in the open domain.", no work seems a little strong... little work is more fitting imo | 09:52 |
*** ctbruce has joined #trustable | 09:53 | |
leeming | there are small niche FOSS projects scattered around, but most are 1 man projects or abandoned/not updated | 09:54 |
*** ctbruce has quit IRC | 09:54 | |
laurenceurhegyi | locallycompact, can you elaborate? My angle there was that it is too subjective to have people performing compliance verification. More subjective than having a tool do it. | 09:54 |
*** ctbruce has joined #trustable | 09:54 | |
leeming | the thing that is true, however, is the integrated CI pipeline of trusted/SCE | 09:54 |
leeming | but thanks for the draft laurenceurhegyi :P) | 09:54 |
leeming | :) * | 09:54 |
leeming | oops, the lack of integrated CI pipeline projects** | 09:55 |
*** ctbruce has quit IRC | 09:56 | |
laurenceurhegyi | locallycompact, by that I mean elaborate on: <locallycompact> I would say the problem is the opposite | 09:56 |
locallycompact | having a tool do it doesn't prove anything unless what happens is intelligible to you and you are convinced of its correctness | 09:56 |
laurenceurhegyi | leeming, ok, ta, I'll amend. | 09:57 |
locallycompact | there are plenty of objective verification methods, the problem is there is no mechanism by which you can verify the whole process subjectively | 09:57 |
*** ctbruce has joined #trustable | 09:59 | |
laurenceurhegyi | are those methods widely used in compliance verification in SCE, locallycompact? | 10:08 |
locallycompact | Did we decide what compliance is yet? | 10:10 |
laurenceurhegyi | Our research so far has been based on the working assumption of compliance and requirements being the same thing (or, at least, functioning in the same way for the purposes of our work). | 10:17 |
locallycompact | ok | 10:17 |
laurenceurhegyi | It would be helpful to agree on a common definition of what Compliance is. I know the question was asked on the Mailing List. | 10:18 |
locallycompact | then I would say yes, most projects that need a minimal amount of assurance generally use objective methods like test suites. | 10:19 |
locallycompact | definitely the go-to thing is tests | 10:20 |
*** ctbruce has quit IRC | 10:23 | |
*** ctbruce has joined #trustable | 10:23 | |
laurenceurhegyi | Yes, ok. | 10:25 |
laurenceurhegyi | Bear in mind that this is an overview and a self-confessed simplified viewpoint. In fact, I have ended up writing a 'Problem Statement' as much as a post saying 'This is what we are aiming to achieve' (because we don't yet know that, of course). | 10:25 |
laurenceurhegyi | Perhaps I have over-simplified in saying it is 'too' subjective. | 10:25 |
*** ctbruce has quit IRC | 10:27 | |
*** ctbruce has joined #trustable | 10:27 | |
leeming | any ideas - http://paste.baserock.org/raw/rojujureko | 10:39 |
paulsher1ood | leeming: wrong channel, maybe? | 10:44 |
* leeming looks at the channel.. | 10:44 | |
leeming | nope, said I would post here | 10:44 |
paulsher1ood | ah, ok | 10:45 |
leeming | this is for the sandboxlib integration | 10:45 |
* paulsher1ood can't help, sorry | 10:45 | |
leeming | and you got me all excited with that ping | 10:45 |
paulsher1ood | sorry again :) | 10:46 |
paulsher1ood | if this is bwrap specific, maybe ask where the devs for that are? | 10:48 |
leeming | i think this is more mount specific tbh | 10:49 |
leeming | and sandboxlib | 10:50 |
leeming | also, the devs for bwrap seem not to have tested/care about debian users :( | 10:50 |
paulsher1ood | seems a bit harsh. have you raised an issue on bwrap? | 10:53 |
leeming | regarding some of the stuff, yes | 10:54 |
leeming | if this current issue turns out to be a bwrap one, i will add it to my list | 10:55 |
locallycompact | fleshing out some documentation https://gitlab.com/baserock/defslib | 11:18 |
*** ctbruce has quit IRC | 12:06 | |
*** ctbruce has joined #trustable | 12:07 | |
*** laurenceurhegyi has quit IRC | 13:04 | |
*** ChrisPolin has quit IRC | 13:05 | |
*** ChrisPolin has joined #trustable | 13:41 | |
*** laurenceurhegyi has joined #trustable | 13:44 | |
*** persia__ has quit IRC | 15:01 | |
laurenceurhegyi | leeming, earlier you said: <leeming> there are small niche FOSS projects scattered around, but most are 1 man projects or abandoned/not updated. | 15:03 |
leeming | i did | 15:04 |
laurenceurhegyi | It'd be useful to list these, to give us a view of all the other relevant projects. | 15:04 |
laurenceurhegyi | The current landscape, so to speak. | 15:04 |
leeming | urm.. | 15:04 |
*** persia has joined #trustable | 15:04 | |
leeming | I am unsure how to disseminate that information... as I've previously mentioned | 15:05 |
leeming | I have already shared in private, just not publicly | 15:05 |
laurenceurhegyi | I'm talking about projects in the public domain only. | 15:08 |
leeming | what i said, still stands | 15:09 |
laurenceurhegyi | OK | 15:10 |
*** faybrocklebank has quit IRC | 15:35 | |
*** ctbruce has quit IRC | 15:52 | |
paulsher1ood | leeming: two questions: 1) can the output be presented in such a way that no confidential information is leaked? | 15:58 |
paulsher1ood | 2) are you confident that the output is fit for public scrutiny (e.g. contains no deliberate falsehoods, isn't deliberately biassed, isn't unreasonably controversial etc) | 16:00 |
*** mdunford has quit IRC | 16:00 | |
leeming | it depends on how public discourse is defined... all the contents are open, but the fact of a collection is customer owned... or at least that is a similar model to what my previous work was | 16:01 |
paulsher1ood | ack | 16:01 |
paulsher1ood | maybe ask (someone to ask) your customer for permission? | 16:01 |
leeming | like single bits of personal information about yourself... just a name or an age is fine... but if I publish a set of this information? well that is crossing into a grey area | 16:01 |
paulsher1ood | ack | 16:02 |
laurenceurhegyi | I'm happy to ask the customer. I think it would add value to this project. | 16:03 |
leeming | ack | 16:04 |
laurenceurhegyi | For clarity, my thought process when asking earlier was: Trustable Software project should be identifying the current landscape, and (potentially) identify what each project aims to do, and give a short reason as to why we have chosen to research that project further or not focus on it, on a case by case basis. | 16:05 |
laurenceurhegyi | As we don't want to miss something which is currently out there. | 16:06 |
locallycompact | Worth noting: One of the major weaknesses of baserock is it stayed theoretical for too long, and we are only now figuring out major problems with the design after having tried to use it on a real project for several months. | 16:13 |
paulsher1ood | and that coming from a theorist :) | 16:14 |
leeming | burn | 16:14 |
jmacs | Relevant to that, I've just dug out two examples of Mustard being used (not something I can share, unfortunately) | 16:14 |
jmacs | I'm planning on trying them out to see if they'd fit in with opencontrol | 16:14 |
paulsher1ood | perfect | 16:14 |
paulsher1ood | ironically, one of the things mustard was used for was GENIVI compliance... and GENIVI is an open source organisation, but given that the compliance spec was and remains private, the instance could not be made public. | 16:16 |
dabukalam | https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=140705863 | 16:28 |
*** locallycompact has quit IRC | 16:37 | |
*** ChrisPolin has quit IRC | 16:38 | |
*** ChrisPolin has joined #trustable | 16:40 | |
*** paulsher1ood has quit IRC | 16:47 | |
*** paulsherwood has joined #trustable | 16:47 | |
*** locallycompact has joined #trustable | 16:53 | |
*** locallycompact has quit IRC | 17:11 | |
*** ChrisPolin has quit IRC | 17:11 | |
*** lc_ has joined #trustable | 17:12 | |
*** laurenceurhegyi has quit IRC | 17:12 | |
*** lc__ has joined #trustable | 17:22 | |
*** lc_ has quit IRC | 17:22 | |
*** lc__ has quit IRC | 17:32 | |
*** leeming has quit IRC | 19:35 | |
*** leeming has joined #trustable | 19:36 | |
*** ctgriffiths has quit IRC | 19:44 | |
*** ctgriffiths_ has joined #trustable | 19:45 | |
*** ctgriffiths_ has quit IRC | 20:24 | |
*** ctgriffiths has joined #trustable | 20:26 |