[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: forming a security team for testing

Dear Joey Hess

Great work!

You write: " - Go through your claimed CANs and check changelogs,
advisories, do
   testing, whatever is needed to satisfy yourself whether sarge is
   vulnerable or not, and record your findings in the CANs file.
   Note that the file is read by checklist.pl, so follow the simple file
   format."

I am sorry if I have misunderstood anything but "whatever is needed to
satisfy yourself" Since this is a personal matter isn't there chances that a
person may miss important issues? I rather surgest a clear program of checks
that at least must be done in order to avoid problems.

Kim


----- Original Message ----- 
From: "Joey Hess" <joeyh@debian.org>
To: <debian-security@lists.debian.org>
Cc: "Matt Zimmerman" <mdz@debian.org>; "Bdale Garbee" <bdale@debian.org>;
"Chris Halls" <halls@debian.org>; "Martin Schulze" <joey@debian.org>;
"Andreas Mueller" <amu@tr.debian.net>; "Petter Reinholdtsen"
<pere@hungry.com>; "Martin Michlmayr" <tbm@cyrius.com>; "Andreas Barth"
<aba@not.so.argh.org>; "Ernesto Hernandez-Novich" <emhn@telcel.net.ve>;
"Finn-Arne Johansen" <faj@bzz.no>; "Djoumé SALVETTI" <salvetti@crans.org>;
"Steinar H. Gunderson" <sesse@debian.org>; "Andres Salomon"
<dilinger@voxel.net>
Sent: Wednesday, October 27, 2004 11:33 PM
Subject: forming a security team for testing
Reply to: