Date: Sun, 16 Jul 2000 16:18:26 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Bill Fumerola <billf@chimesnet.com> Cc: Will Andrews <andrews@technologist.com>, Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>, Hajimu UMEMOTO <ume@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/sysutils/gkrellm/files md5 Message-ID: <Pine.BSF.4.21.0007161616580.93924-100000@freefall.freebsd.org> In-Reply-To: <20000716182932.I51462@jade.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 16 Jul 2000, Bill Fumerola wrote:
> > Besides which, your logic is flawed. Since we cannot audit all source code
> > in the tree, we should audit none of it? *Anything* we catch is a win.
>
> At what cost of resources? What happens when someone (either the legit author
> or the Bad Guy who added the backdoor) runs indent(1) on the code too? If
> it's easy to see what changed then I'll mention it in my commits, but I'm not
> going to spend any great amount of time just to find out that the author now
> likes to use some different style or that he slipped in a few bugfixes.
If it's a significant change, then that's fine..just summarize what you
make of it in the commitlogs. The point is you should at least eyeball it
for anything which looks suspicious.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007161616580.93924-100000>