Date: Tue, 23 Nov 1999 14:03:03 -0800
From: "David O'Brien" <obrien@FreeBSD.ORG>
To: Mark Murray <mark@grondar.za>
Cc: Kris Kennaway <kris@hub.freebsd.org>, current@FreeBSD.ORG
Subject: Re: FreeBSD security auditing project.
Message-ID: <19991123140303.B49964@dragon.nuxi.com>
In-Reply-To: <199911232049.WAA82007@gratis.grondar.za>; from mark@grondar.za on Tue, Nov 23, 1999 at 10:49:09PM +0200
References: <199911232049.WAA82007@gratis.grondar.za>
> So when Joe Blow clicks on (say) src->bin->cat he'll find that
> (say) markm eyballed the code and kris diffed it with OpenBSD
> and merged in <blah> fixes - "cat now considered safe".

Until the next commit to cat. A security review is never done. We need
to be in a mode where every commit is suspect and people are compelled to
review it. BDE's use of CTM to review changes is actually rather
effective in this regard.

-- 
-- David (obrien@NUXI.com)