Re: rudeness in changelogs

To: debian-devel@lists.debian.org
Subject: Re: rudeness in changelogs
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 10 Jan 2005 09:37:31 +0100
Message-id: <[🔎] 87mzvh65o4.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050109010845.GA13140@mauritius.dodds.net> (Steve Langasek's message of "Sat, 8 Jan 2005 17:08:47 -0800")
References: <E1CnNVk-00041L-00@newraff.debian.org> <[🔎] 20050108210836.GA14454@kitenet.net> <[🔎] 20050109004424.GA12454@moregruel.net> <[🔎] 20050109010845.GA13140@mauritius.dodds.net>

* Steve Langasek:

[DJB's vulnerability research course]

> Considering the assignment AIUI was "find security holes",

I think the assignment was "find potential security holes and prove
that they are security holes, by writing exploits".  The first part is
easy, just compile any sufficiently obscure software with
-Wformat-literal (running RATS is also a good idea).  The second part
is harder.  Most of the time, it's easier to rewrite the code in
question so that it has no (obvious) security problem, potential or
not.

Reply to:

References:
- rudeness in changelogs
  - From: Joey Hess <joeyh@debian.org>
- Re: rudeness in changelogs
  - From: Steve Greenland <steveg@moregruel.net>
- Re: rudeness in changelogs
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: rudeness in changelogs
Next by Date: Re: Debianized ndiswrapper-source is better on SourceForge
Previous by thread: Re: rudeness in changelogs
Next by thread: Re: rudeness in changelogs
Index(es):
- Date
- Thread