[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#337086: [BPP] Best practices for security design and review

On Thu, May 29, 2008 at 12:56:19PM +0200, Lucas Nussbaum wrote:
> What's the status of this patch? Are you still interested in getting
> this into developers-reference?

I haven't worked in this patch since I last sent it. I included it in the
Debian Security Manual, since there was no response here.
Currently up at

> I generally agree that such a section would be a good idea, at least the
> first part (Best practices for security review and design). I'm not
> quite sure about the second part (System users and groups for software
> daemons), because it's quite long, and if we take that path, there are
> other things that should be documented in the same way.

Well, the second part could go to the Manual, or rather, stay there. Some
developers oppose to having code in the documentation (don't blame them
actually) so it might be better to have that in a separate location.
Actually, the best place for it would be a tool (ala debhelper).



Attachment: signature.asc
Description: Digital signature

Reply to: