On Sun, Aug 03, 2003 at 03:14:23AM -0400, Matt Zimmerman wrote: > Surely two people would be an improvement over the current situation, where > there is no review at all. Our demonstration has shown how one person can > discover some common flaws with a relatively brief review. *Exactly*. Well said. > Keep in mind that there are also potentially more than two people interested > in this review process. Another person besides myself has already > volunteered in just the first day of discussion, and I find this very > encouraging. I find that very pleasing also. I have no desire to go down a *BSD route and audit every single thing, (mostly due to a lack of time), but it's good to see that there are people interested in this kind of work. > I would like to promote this beneficial process within Debian in order to > reduce the workload of the security team and the presence of vulnerabilities > in our stable releases. I did feel a little guilty when reporting so many issues that I was putting unfair pressure upon the security team to release fixes, but I assumed if that were the case somebody would tell me. Anything that could make it easier for the security team to do their job is a good thing as you do such a good and important job. Thanks to all of you. Steve ---
Attachment:
pgpawlYI_VkUr.pgp
Description: PGP signature