On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote: > I also think it would be a good idea for policy to require all setuid/gid > bit grants to go through this or another list for peer review, much as > pre-depends are supposed to.
I absolutely support this idea. All set[ug]id setups should be reviewed before they go in the archive, and I volunteer to do the review (though I hope that others will help). Does this need a proposal to go into policy with the same force as the existing pre-depends verbiage? -- - mdz