Date:      Fri, 27 Jul 2001 12:07:54 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        David O'Brien <obrien@FreeBSD.ORG>
Cc:        Kris Kennaway <kris@obsecurity.org>, Mike Heffner <mheffner@vt.edu>, arch@FreeBSD.ORG
Subject:   Re: Importing lukemftpd
Message-ID:  <20010727120754.B34272@xor.obsecurity.org>
In-Reply-To: <20010727101954.C43542@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Fri, Jul 27, 2001 at 10:19:54AM -0700
References:  <XFMail.20010716212454.mheffner@novacoxmail.com> <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com> <20010719123015.A44746@xor.obsecurity.org> <20010719203700.B94074@dragon.nuxi.com> <20010719210332.A78418@xor.obsecurity.org> <20010727101954.C43542@dragon.nuxi.com>



On Fri, Jul 27, 2001 at 10:19:54AM -0700, David O'Brien wrote:
> On Thu, Jul 19, 2001 at 09:03:33PM -0700, Kris Kennaway wrote:
> > You and John are being paid to work full-time on FreeBSD, and the
> > projects you mentioned are projects you do during your >8 hours a day
> > of paid FreeBSD hacking time.  If you were working on these in your
> > own time, say from 10pm at night after a hard day at work,
>
> When we work >8 hours a day, we *are* working on XYZ in our own time. :-)

And the project thanks you for it ;-)

> > but the deeply
> > embedded ones which rely on interactions between several different
> > parts of the code.  That requires someone to sit down for a week and
> > really become intimate with the code, which isn't something that most
> > people can do in their spare time for an hour or two here and there
> > (which is why no-one's done this so far).
>
> Who do you trust to do this review?  Me?  Anybody?  Only members of the
> S.O. team?  Any of the typical contributors to -audit?  Surely given your
> stance on this issue, just anyone coming forward saying they've
> "audited" the code will appease you.

I'd want to be convinced that a thorough job has been spent looking
for problems -- ultimately it comes down to someone I trust saying
"I've gone through the code thoroughly and didn't find any more
problems".  A good indicator of this will probably be patches fixing
problems in the code discovered during the audit :-)

Kris

