--- David Graham <[EMAIL PROTECTED]> wrote:
> --- "Gregory F. March" <[EMAIL PROTECTED]> wrote:
> > 
> > I seem to have successfully pushed Struts in my company (a big Wall
> > St. bank).  However, today, I was asked the following question:
> > 
> >     How can I guarantee that there are no hacks, bombs, etc. in the
> >     Struts code or any OS code for that matter?
> > 
> > My immediate response was, how can you guarantee it for any code?
> > However, being a large bank with literally trillions of dollars a day
> > passing through our systems, I can definitely understand their concern.
> > 
> > At a minimum, we will obtain the source code and at least do a minimal
> > code walk-through and then compile our own binaries.
> > 
> > What other guarantees can I make to my management?  What is the process
> > the Struts team uses to control a rogue contributor?
> 
> There are rather few committers that can change the code base (roughly
> 10-15 people).  All commits are mailed to struts-dev for the team to
> review.  Even if Struts were secretly hacked, it isn't all that much code
> to review anyways (about 14,000 lines of non-test/example code).

Actually, that line count may be incorrect.  I was using an Eclipse plugin
for the metrics but the numbers don't seem to add up.  The point is that
it's a *relatively* small amount of code.

> You could narrow your code review to only the packages you'll actually be
> using.
> 
> You will always have access to the source to do security reviews unlike
> proprietary commercial software :-).
> 
> David
> 
> > 
> > Thanks,
> > 
> > /greg
> > 
> > --
> > Gregory F. March    -=-    http://www.gfm.net:81/~march    -=-    AIM:GfmNet
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > 
> 
> 