[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#337086: [BPP] Best practices for security design and review

retitle 337086 provide a link to the Debian Security Manual

On 03/06/08 at 02:06 +0200, Javier Fernández-Sanguino Peña wrote:
> On Thu, May 29, 2008 at 12:56:19PM +0200, Lucas Nussbaum wrote:
> > What's the status of this patch? Are you still interested in getting
> > this into developers-reference?
> I haven't worked in this patch since I last sent it. I included it in the
> Debian Security Manual, since there was no response here.
> Currently up at
> http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html
> > I generally agree that such a section would be a good idea, at least the
> > first part (Best practices for security review and design). I'm not
> > quite sure about the second part (System users and groups for software
> > daemons), because it's quite long, and if we take that path, there are
> > other things that should be documented in the same way.
> Well, the second part could go to the Manual, or rather, stay there. Some
> developers oppose to having code in the documentation (don't blame them
> actually) so it might be better to have that in a separate location.
> Actually, the best place for it would be a tool (ala debhelper).

Hi Javier,

I think that the current situation is OK. I will make sure to add a link
to the Debian Security Manual in developers-reference.

Thank you,
| Lucas Nussbaum
| lucas@lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas@nussbaum.fr             GPG: 1024D/023B3F4F |

Attachment: signature.asc
Description: Digital signature

Reply to: