[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setuid/setgid binaries contained in the Debian repository.

On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:

> I also think it would be a good idea for policy to require all setuid/gid
> bit grants to go through this or another list for peer review, much as
> pre-depends are supposed to.

I absolutely support this idea.  All set[ug]id setups should be reviewed
before they go in the archive, and I volunteer to do the review (though I
hope that others will help).  Does this need a proposal to go into policy
with the same force as the existing pre-depends verbiage?

 - mdz

Reply to: