Re: setuid/setgid binaries contained in the Debian repository.
On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:
> I also think it would be a good idea for policy to require all setuid/gid
> bit grants to go through this or another list for peer review, much as
> pre-depends are supposed to.
I absolutely support this idea. All set[ug]id setups should be reviewed
before they go in the archive, and I volunteer to do the review (though I
hope that others will help). Does this need a proposal to go into policy
with the same force as the existing pre-depends verbiage?