From owner-freebsd-arch Fri Jul 27 12: 7:58 2001 Delivered-To: freebsd-arch@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-104-149.dsl.lsan03.pacbell.net [64.169.104.149]) by hub.freebsd.org (Postfix) with ESMTP id 81CFC37B401; Fri, 27 Jul 2001 12:07:55 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id AED3166B25; Fri, 27 Jul 2001 12:07:54 -0700 (PDT) Date: Fri, 27 Jul 2001 12:07:54 -0700 From: Kris Kennaway To: David O'Brien Cc: Kris Kennaway , Mike Heffner , arch@FreeBSD.ORG Subject: Re: Importing lukemftpd Message-ID: <20010727120754.B34272@xor.obsecurity.org> References: <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com> <20010719123015.A44746@xor.obsecurity.org> <20010719203700.B94074@dragon.nuxi.com> <20010719210332.A78418@xor.obsecurity.org> <20010727101954.C43542@dragon.nuxi.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="24zk1gE8NUlDmwG9" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010727101954.C43542@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Fri, Jul 27, 2001 at 10:19:54AM -0700 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --24zk1gE8NUlDmwG9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 27, 2001 at 10:19:54AM -0700, David O'Brien wrote: > On Thu, Jul 19, 2001 at 09:03:33PM -0700, Kris Kennaway wrote: > > You and John are being paid to work full-time on FreeBSD, and the > > projects you mentioned are projects you do during your >8 hours a day > > of paid FreeBSD hacking time. If you were working on these in your > > own time, say from 10pm at night after a hard day at work, >=20 > When we work >8 hours a day, we *are* working on XYZ in our own time. :-) And the project thanks you for it ;-) > > but the deeply > > embedded ones which rely on interactions between several different > > parts of the code. That requires someone to sit down for a week and > > really become intimate with the code, which isn't something that most > > people can do in their spare time for an hour or two here and there > > (which is why no-one's done this so far). >=20 > Who do you trust to do this review? Me? Anybody? Only members of the > S.O. team? Any of the typical contributors to -audit? Surely given your > stance on this issue, just anyone coming forward saying they've > "audited" the code will appease you. I'd want to be convinced that a thorough job has been spent looking for problems -- ultimately it comes down to someone I trust saying "I've gone through the code thoroughly and didn't find any more problems". A good indicator of this will probably be patches fixing problems in the code discovered during the audit :-) Kris --24zk1gE8NUlDmwG9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7YbwJWry0BWjoQKURAuqkAJsFx0yjixhEG1jEswsJfdRQHmMPBwCeIpKp U+lnAAoE+L4/Tw8o7oMQ21A= =4dls -----END PGP SIGNATURE----- --24zk1gE8NUlDmwG9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message