
re: status debian/openbsd



   
   OpenBSD appears to be more heavily audited though. Maybe it's just
   appearance. You may have seen in the Debian Weekly News that I'm working
   on a rough audit project and in such I would like to say that security
   must include a heavy code audit.


i think 'appears' is a great word here.


from what i've seen over the years all of netbsd, freebsd and openbsd
have done 'code audits'.  in fact, largely they've spread to all.. you
may notice that there are far fewer set-id programs in *bsd than ever
before...

i know that i personally read pretty much all the netbsd libraries,
set-id programs, and network daemons, back in 1996 and while i found
and fixed a few holes, i missed a lot too.  code audit doesn't mean
that the bug was found... especially after you've been reading 100 new
pieces of code ....



.mrg.


