On Thu, Dec 28, 2000 at 08:46:23PM -0700, John Galt wrote:
[ all developers should audit their code ]
> >
> > Sounds lovely, in theory. However, judging by the number of open bugs
> > in some packages, out of date packages, etc, what makes you think
> > developers would take this more seriously?
On Thu, 28 Dec 2000, Andres Salomon wrote:
> On Thu, Dec 28, 2000 at 04:46:00PM -0800, Joe Buck wrote:
> >
> > Notice that security holes fall into classes? One category of hole
> > should be easy to eliminate from Debian by instituting a code auditing
> > requirement. I'm referring to insecure
On Thu, Dec 28, 2000 at 04:46:00PM -0800, Joe Buck wrote:
>
> Notice that security holes fall into classes? One category of hole
> should be easy to eliminate from Debian by instituting a code auditing
> requirement. I'm referring to insecure creation of temporary files,
> allowing for symlink a
I'm definitely not a developer but more a Debian enthusiast. Here is my
thinking and it may not be correct.
1. If someone is going to develop software for debian they should be
allowed even if they do not know how to secure it properly. Since people
are volunteering I would hate to tell someo
> If I were Debian dictator (and I'm not even a debian developer, though I am
> what you guys call an "upstream developer" -- I'm on the GCC steering
> committee), I'd add a requirement that every package owner certify that he
> has checked the package s/he maintains for a list of common security
>
On Thu, 28 Dec 2000, Andres Salomon wrote:
> On Thu, Dec 28, 2000 at 04:46:00PM -0800, Joe Buck wrote:
> >
> > Notice that security holes fall into classes? One category of hole
> > should be easy to eliminate from Debian by instituting a code auditing
> > requirement. I'm referring to insecur
On Thu, Dec 28, 2000 at 04:46:00PM -0800, Joe Buck wrote:
>
> Notice that security holes fall into classes? One category of hole
> should be easy to eliminate from Debian by instituting a code auditing
> requirement. I'm referring to insecure creation of temporary files,
> allowing for symlink
Notice that security holes fall into classes? One category of hole
should be easy to eliminate from Debian by instituting a code auditing
requirement. I'm referring to insecure creation of temporary files,
allowing for symlink attacks. Now that we all know what this hole looks
like, it should be
I'm definitely not a developer but more a Debian enthusiast. Here is my
thinking and it may not be correct.
1. If someone is going to develop software for debian they should be
allowed even if they do not know how to secure it properly. Since people
are volunteering I would hate to tell some
> If I were Debian dictator (and I'm not even a debian developer, though I am
> what you guys call an "upstream developer" -- I'm on the GCC steering
> committee), I'd add a requirement that every package owner certify that he
> has checked the package s/he maintains for a list of common security
Notice that security holes fall into classes? One category of hole
should be easy to eliminate from Debian by instituting a code auditing
requirement. I'm referring to insecure creation of temporary files,
allowing for symlink attacks. Now that we all know what this hole looks
like, it should b