Alvin Oga wrote:
hi ya On Thu, 28 Oct 2004, Kim wrote:I am sorry if I have misunderstood anything but "whatever is needed to satisfy yourself" Since this is a personal matter isn't there chances that a person may miss important issues? I rather surgest a clear program of checks that at least must be done in order to avoid problems.that's the tricky part .... eveybody will want different levels of security
Sounds like people have started getting a different idea than what Joey initially proposed. I believe he suggested using external securitydatabases (such as the Mitre list, and previous DSA's) and verifying that those identified issues are not present in testing packages. I'm sure he also ment that security issues identified through other processes (other people doing audits) would be in scope for this team to fix. I don't think he ment that this team would start auditing all Debian packages, nor proposing policy about security issues to try and satisfy everybodies different ideas on security. I'm sure that might occur to some degree as an aside, but I doubt that is the main focus of what Joey is proposing.
Geoff Crompton