Re: ssl security desaster (was: Re: changing subjects when discussion becomes slightly off-topic - Was:Re: SSH keys: DSA vs RSA)
On 16 May 08 at 15:41, Miriam Ruiz wrote:
> 2008/5/16 Thibaut Paumard <email@example.com>:
> [...] Maybe there should also be a
> classification of packages according to how bad would a bug be in them
> for the whole system, so that patches in those could be more carefully
Actually, I seem to remember that the issue of critical packages
being maintained by only one person has been pointed out here
several times already this year (although I don't remember the
particular threads). Certainly, such packages need better QA than
the rest. By the way, I was under the impression that Ubuntu was
claiming a tighter QA for their core system... (tighter than the rest
of Ubuntu, perhaps not than Debian).
I can see two approaches to deal with "critical" packages:
- enforcing team maintenance, although I'm not sure that would
solve the problem: how can we be certain that each member would
cross-check each other's work? Perhaps a double signature could be
required, so that we are certain that the source actually reached
several maintainers' computers before being uploaded?
- having a special queue where every upload (to those critical
packages) needs to be reviewed by a special task force, but that
would delay upgrades and there need to be provisions for urgent
security fixes... Perhaps those critical packages can indeed go
directly into the pool, but be automatically marked with an RC bug:
"needs security review"? It may be silly to mark every "critical"
package as RC buggy each time it is uploaded to the archive... But
doesn't it make some sense?
Of course both approaches require skilled manpower... I can see that
the first approach distributes the workload over potentially more
people, while the second one may ensure better reviews...
There comes then the question of what packages are critical. At first
I was thinking the entire set of "required" packages should be
considered critical, but that may not be necessary. (And certainly,
many packages which are _not_ required are critical as well).
Hope I'm not talking too much nonsense.
Best regards, Thibaut.