
Re: what about a special QA package priority?



On Tue, May 20, 2008 at 05:21:07PM -0300, Luciano Bello wrote:
> 	I was thinking about the Debian/OpenSSL debacle. Clearly it is not easy to
> manage a hard, meticulous QA process in all packages. On the other hand, there
> are packages more critical than others, which are more delicate with respect to security.

The more I think about this proposal of yours, the more I get convinced
that the only reasonable definition of delicate is "used by a lot of
people" (i.e. score high in popcon).

As previously noted in this thread other criteria are subjective, and
even apparently innocuous packages can open the flank to really serious
security problems.

So, basically, I welcome your proposal, but IMO its simplest and most
effective implementation would be: ``packages scoring high in popcon
have to be maintained by teams using some Vcs-*''. To that feel free to
add the bells and whistles you want (like valgrind :-P).

Cheers.

-- 
Stefano Zacchiroli -*- PhD in Computer Science ............... now what?
zack@{upsilon.cc,cs.unibo.it,debian.org}  -<%>-  http://upsilon.cc/zack/
(15:56:48)  Zack: e la demo dema ?    /\    All one has to do is hit the
(15:57:15)  Bac: no, la demo scema    \/    right keys at the right time
