> If I were Debian dictator (and I'm not even a debian developer, though I am
> what you guys call an "upstream developer" -- I'm on the GCC steering
> committee), I'd add a requirement that every package owner certify that he
> has checked the package s/he maintains for a list of common security
> problems, and that all problems found have been fixed.

Sounds like a good idea. I'm not a Debian developer either (I'm in the NM queue), but I'd suggest that perhaps everyone who is accepted as a new maintainer should be required to demonstrate a clear understanding of common security holes as part of their "technical competency".

--
|> |= -+- |= |> | |- | |- |\
Peter Eckersley (pde@cs.mu.oz.au)
http://www.cs.mu.oz.au/~pde
for techno-leftie inspiration, take a look at http://www.computerbank.org.au/