Re: forming a security team for testing

Alvin Oga wrote:
hi ya

On Thu, 28 Oct 2004, Kim wrote:

I am sorry if I have misunderstood anything, but "whatever is needed to
satisfy yourself"? Since this is a personal matter, isn't there a chance that a
person may miss important issues? I would rather suggest a clear program of checks
that at least must be done in order to avoid problems.

that's the tricky part .... everybody will want different levels of

Sounds like people have started getting a different idea than what
Joey initially proposed. I believe he suggested using external security
databases (such as the Mitre list, and previous DSAs) and verifying that
those identified issues are not present in testing packages. I'm sure he
also meant that security issues identified through other processes (other
people doing audits) would be in scope for this team to fix. I don't think
he meant that this team would start auditing all Debian packages, nor
proposing policy about security issues to try and satisfy everybody's
different ideas on security. I'm sure that might occur to some degree as an
aside, but I doubt that is the main focus of what Joey is proposing.

  Geoff Crompton

