
Re: Maintaining kernel source in sarge



On Sun, 25 May 2003 15:11, Matt Zimmerman wrote:
> On Sun, May 25, 2003 at 06:21:00AM +0200, Christoph Hellwig wrote:
> > On Sat, May 24, 2003 at 06:32:26PM -0400, Matt Zimmerman wrote:
> > > It's not noise at all when it's something that we and others
> > > (desperately!) want to know about.
> >
> > Then read through the prepatch diffs, everything adding checks to
> > ioctl methods or similar is likely one of them.
>
> This approach does not scale.  I cannot personally review the diffs for
> every upstream release of all the software in Debian, nor can any other
> individual or even a small group.

It does not scale to all software in Debian.  But most software does not need 
much in the way of security auditing.

A small group of people could review all kernel patches that make it into the 
official tree.  Of course getting even a small group of people who have the 
skill to do such work properly and the time to do it continually may not be 
easy.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


