Re: setuid/setgid binaries contained in the Debian repository.

To: debian-devel@lists.debian.org
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Stephen Frost <sfrost@snowman.net>
Date: Fri, 1 Aug 2003 11:26:57 -0400
Message-id: <[🔎] 20030801152657.GM17061@ns.snowman.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030801151852.GB15502@alcor.net>
References: <20030731121701.GA3282@uk.intasys.com> <20030731165528.GB10002@dragon.kitenet.net> <[🔎] 20030801151852.GB15502@alcor.net>

* Matt Zimmerman (mdz@debian.org) wrote:
> On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:
> > I also think it would be a good idea for policy to require all setuid/gid
> > bit grants to go through this or another list for peer review, much as
> > pre-depends are supposed to.
> 
> I absolutely support this idea.  All set[ug]id setups should be reviewed
> before they go in the archive, and I volunteer to do the review (though I
> hope that others will help).  Does this need a proposal to go into policy
> with the same force as the existing pre-depends verbiage?

It probably should.  I'd be willing to say we might want a seperate list
for this too.  I'm willing to help with the review but I tend to skim
d-d..

	Stephen

Attachment: pgpfnAprJ7ap6.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Bug#203588: acpid: Shell script has nothing to do in /etc
Next by Date: Re: Data loss: suggestions for handling
Previous by thread: Re: setuid/setgid binaries contained in the Debian repository.
Next by thread: Re: setuid/setgid binaries contained in the Debian repository.
Index(es):
- Date
- Thread