If it's worth saying, but not worth its own post, then it goes here.
Notes for future OT posters:
1. Please add the 'open_thread' tag.
2. Check if there is an active Open Thread before posting a new one. (Immediately before; refresh the list-of-threads page before posting.)
3. Open Threads should start on Monday, and end on Sunday.
4. Unflag the two options "Notify me of new top level comments on this article" and "
There's a weird cold war in software design, where everyone knows that they can use 'security' to win any argument, but we must all refrain from doing so, because that ratchet only goes one way.
The deal is that no one can ever argue against 'security', so you always win if you bring it up, but if you use that against me I'll retaliate, and the project will fail (very very securely).
Also, unrelated, if I you ever hear someone bragging about their amazing release process, just nod and ask them about the emergency release process. That's what they ACTUALLY use.
When we get into discussions about security, the best tools I've found are: