On Fri, 1 Aug 2003 13:46:48 -0400, Joey Hess <[EMAIL PROTECTED]> said:
> Here's a draft policy proposal. If this looks ok I'll submit it to
> the policy group.
>
> Proposal: [DRAFT] require peer review for setuid and setgid program
> introduction
>
> Setuid and setgid programs are one of the main causes of security
> holes and DSA's in Debian. Often these holes can be spotted easily
> with a simple review. Sometimes setuid/gid programs can be modified
> in fairly simple ways to not need these dangerous permissions at
> all. A few well-trained eyes looking over a package before it goes
> into the distribution and becomes a security risk can make all the
> difference.
>
> So, I propose that any new setuid or setgid programs should be
> reviewed by a team of interested people before being put into the
> distribution. In discussions on debian-devel, we agreed this was a
> good idea, and that debian-security is the appropriate list for
> these reviews. The reviewers will be whoever is interested, which
> currently includes at least one member of the security team, and one
> of our most prolific security auditors.
>
> Note the parallel with the existing requirement that essential
> packages be discussed on debian-devel.

This seems like a good practice kind of recommendation, not a requirement, and as such, may be better suited to be included in developers reference rather than policy, don't you think?

manoj
--
The Bird of Time has but a little way to fly ... and the bird is on the wing. Omar Khayyam
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C