Strawman: Module Keys

Mike Samuel mikesamuel at
Tue Feb 27 20:47:46 UTC 2018

I'm looking for other criticism of and for interested parties
who might have time to refine it.

This adds public/private key analogues to ModuleBodies along with some
associated operators.

As background, we on Google's security engineering group have had a lot of
success hooking into build systems, linkers and using static analyzers to
identify problematic code patterns, guide developers towards safe ones, and
make sure we find out about things that we want to know about.  This has
let a small group of security engineers manage the security of a much
larger group of application developers without us-vs-them dynamics.

I hope that some machinery like this might enable similar dynamics within
open-source projects that don't have monolithic code repos.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list