Re: crappy mouse patch from security perspective
In-line :-
2011/1/9 Sam Kuper <sam.kuper@uclmail.net>:
> Hi Shirish,
Hi Sam,
<snipped>
> I'm not sure the community will look too sympathetically on this request.
> Unless Jim Hill is the upstream committer, someone else will audit at any
> upstream patch eventually, but if you want help faster than that, I can
> think of two options that might be more fruitful for you:
>
> Ask instead for help understanding the code in the patch. It's the "give a
> man a fish and you feed him for a day; teach him to fish and you feed him
> for life" principle: people are much more likely to volunteer to help you
> learn to perform patch audits than they are to volunteer to carry out patch
> audits for you. They might not hold your hand all the way, but I expect
> they'd at least try to help you get started. If you want real-time
> assistance with this sort of thing, IRC might be a good option.
> Pay a programmer to audit the patch for you: e.g. either someone you know or
> someone from a company you trust.
hmm..... true true. While I do understand I don't think I'm capable
enough for the 'understanding the code' part of thing. This is on top
of my head but are there any tools which one could run on any code and
atleast know of the obvious or maybe not so obvious issues.
Sometimes ago I came to know about 'debsigs' 'debsig-verify' and
specifically 'debsums' but almost all of them are when it is a debian
package. Nothing about a use-case like mine.
> Good luck with your quest!
> - spk
Note for Ashely :- While what you say might be true where you are
located, in India getting a good optical mouse can set you quite a bit
(no bells and whistles).
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
Reply to: