Re: Maintaining kernel source in sarge
On Sun, 25 May 2003 15:11, Matt Zimmerman wrote:
> On Sun, May 25, 2003 at 06:21:00AM +0200, Christoph Hellwig wrote:
> > On Sat, May 24, 2003 at 06:32:26PM -0400, Matt Zimmerman wrote:
> > > It's not noise at all when it's something that we and others
> > > (desperately!) want to know about.
> >
> > Then read through the prepatch diffs, everything adding checks to
> > ioctl methods or similar is likely one of them.
>
> This approach does not scale. I cannot personally review the diffs for
> every upstream release of all the software in Debian, nor can any other
> individual or even a small group.

It does not scale to all software in Debian. But most software does not need
much in the way of security auditing.

A small group of people could review all kernel patches that make it into the
official tree. Of course getting even a small group of people who have the
skill to do such work properly and the time to do it continually may not be
easy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page