openssl / project

Tracking of project related issues
2 stars 1 forks source link

Review the security policy with respect to the apps #907

Open mattcaswell opened 1 week ago

mattcaswell commented 1 week ago

We should review the security policy with respect to the apps.

For example how should we handle server based apps such as s_server and ocsp? Do we consider these hardened security servers - or for test/demonstration purposes only? How should we treat security issues in them?

romen commented 1 week ago

After we review the security policy, we should also plan to add appropriate disclaimers as comments at the beginning of the code in apps/, pointing to the security policy and the intended usage/level of security guarantees for each app.

It's important for part of our communities to discover/be warned about the experimental/demonstrative/testing/unsafe nature of that code when perusing through their sources.