
Code reviews in Debian

On Thu, Jun 14, 2001 at 05:11:00PM -0500, Steve Greenland wrote:
> On 14-Jun-01, 14:30 (CDT), Miquel Martín López <miquel@casal.upc.es> wrote: 
> > And changing topic, how about that code-review debian list? It sure sounds
> > interesting, and many of us would learn a great deal :) Debian gurus out
> > there, let's give it a shot! Where/who can we contact?
> I've submitted a bug against lists.debian.org asking that it be created.
> It's #100907. If I don't get a response in a few days I may just create
> it on my hosting system.

I think that code review would be an excellent part of Debian, in much the
same way as OpenBSD does it. More than just a list, I'd like to see it as
part of the project, like the Debian Documentation Project, et al.

I got on that line of thinking when I noticed the recent rash of printf
format string exploits. Now, any programmer who introduces such an exploit
needs a LART in a big way, but besides that, a couple of people with grep
and some regexes could eliminate all of those exploits in every Debian
package without a huge amount of work.

That alone would increase Debian's security significantly, and I wouldn't be
surprised if the success of such a project quickly gained an interest in code
review that could start stamping out some of the more subtle bugs.

Just a thought.

Jordan Bettis <http://www.hafd.org/~jordanb/>
Pray:  To ask that the laws of the universe be annulled in behalf of a single
petitioner, who is confessedly unworthy.
-- Ambrose Bierce
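The "grep and some regexes" pass the post suggests, as an added example that is not part of the original message: a POSIX shell function that flags printf-family and syslog() calls whose format argument does not start with a string literal. The function names, the pattern and the sample C file are constructed for this illustration and are not from any Debian package.

```shell
#!/bin/sh
# Added example (not from the original thread). Flags printf-family and
# syslog() calls whose format argument is not a string literal, the shape
# that lets untrusted input act as a format string. It is a triage aid, not
# proof of a bug: a non-literal format assembled from constants is harmless,
# and macros or calls split across lines can escape these line-based regexes.

# Format argument position per function: printf(fmt), fprintf(stream, fmt),
# sprintf(buf, fmt), snprintf(buf, n, fmt), syslog(prio, fmt).
ARG="[^,]*,"
NONLIT="[[:space:]]*[^\"[:space:]]"
PATTERN="(^|[^[:alnum:]_])(printf[[:space:]]*\\(${NONLIT}|(fprintf|sprintf)[[:space:]]*\\(${ARG}${NONLIT}|snprintf[[:space:]]*\\(${ARG}${ARG}${NONLIT}|syslog[[:space:]]*\\(${ARG}${NONLIT})"

# Print each suspicious call as "line:text" (grep prefixes the file name when
# several files are given). Exits 0 whether or not anything was found.
find_nonliteral_format() {
    grep -nE "$PATTERN" "$@" || true
}

# Number of suspicious calls across the given files.
count_nonliteral_format() {
    find_nonliteral_format "$@" | grep -c . || true
}

# Constructed sample C source with each dangerous call beside its safe form.
SAMPLE="$(mktemp)"
trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
void log_user(const char *name, FILE *fp, int prio)
{
    char buf[64];
    printf(name);                          /* dangerous: input is the format */
    printf("%s\n", name);                  /* safe: literal format */
    fprintf(stderr, name);                 /* dangerous */
    fprintf(fp, "%s\n", name);             /* safe */
    snprintf(buf, sizeof buf, name);       /* dangerous */
    snprintf(buf, sizeof buf, "%s", name); /* safe */
    syslog(prio, name);                    /* dangerous */
    syslog(prio, "%s", name);              /* safe */
}
EOF

find_nonliteral_format "$SAMPLE"
```

Run it over a source tree with `find . -name '*.c' -exec sh -c '. ./check.sh; find_nonliteral_format "$@"' _ {} +`, or simply pass several files to the function; every hit still needs a human to confirm where the format string comes from.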
