If somebody compromizes the Subversion (or CVS) repository, they can
potentially do commits without them going to the commit list, and
therefore introduce evil code. Hopefully this will be picked up, but
Freenet is quite large. If you want a non-java task to increase
freenet's security, I suggest a script that can cross-reference the CVS
list emails with the actual log from SVN/CVS, and flags up any
discrepancies. If such a thing already exists, I'd be very interested;
if it does not, some perl hacker who can't be bothered to learn java
could write it.
--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL:
<https://emu.freenetproject.org/pipermail/tech/attachments/20051008/62d63bbe/attachment.pgp>
