[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: time for some OpenBSD-style auditing?

> If I were Debian dictator (and I'm not even a debian developer, though I am
> what you guys call an "upstream developer" -- I'm on the GCC steering
> committee), I'd add a requirement that every package owner certify that he
> has checked the package s/he maintains for a list of common security
> problems, and that all problems found have been fixed.

Sounds like a good idea.  I'm not a Debian developer either (I'm in the
NM queue), but I'd suggest that perhaps everyone who is accepted as a
new maintainer should be required to demonstrate a clear understanding
of common security holes as part of their "technical competency".


|> |= -+- |= |>
|  |-  |  |- |\

Peter Eckersley
for techno-leftie inspiration, take a look at

Attachment: pgpWm75cgeAgz.pgp
Description: PGP signature

Reply to: