From owner-freebsd-current Tue Nov 23 12:57:40 1999 Delivered-To: freebsd-current@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id E595114A21; Tue, 23 Nov 1999 12:57:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id D3D4E1CD424; Tue, 23 Nov 1999 12:57:38 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Tue, 23 Nov 1999 12:57:38 -0800 (PST) From: Kris Kennaway To: Kelly Yancey Cc: Mark Murray , current@FreeBSD.ORG Subject: Re: FreeBSD security auditing project. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 23 Nov 1999, Kelly Yancey wrote: > Need volunteers, eh? I can be suckered in to helping in regards to > building the web-based database for keeping track of the effor's progress. > I may be no security expert, but I can build database-driven web sites (I > should...it's my day job ;) ). > Let me know what I can do to help. Cool, we have a database guy! :) Let me throw in some ideas.. I think it would be very useful to have a database which can track submitted open/netbsd CVS commits (with the code diff included), preferably mapped to the relevant file in the freebsd tree if possible according to a path mapping table (i.e. /some/openbsd/path/file.c mapped to /equiv/freebsd.path/file.c). I guess this is more of a CVS interface along the lines of cvsweb..what we're really doing here is doing a (manual) partial merge of two CVS repositories. But, CVS is a kind of database, right? :) Also useful would be a review status of the freebsd tree. So (approved) people can "sign off" on a particular file or directory as having been reviewed as of a certain date, and we can work in a coordinated fashion. Hmm, again this sounds like a CVS tree, with reviews being tags. Maybe what we actually want is a better RCS system for FreeBSD. > > I'll get a mailing list going if this is deemed necessary. > > > > freebsd-security? :) Hmm, I think most of the traffic would be fairly off-topic for there. I think a separate freebsd-audit list (for discussion of relevancy of changes, discussion of bugs, etc) would be the way to go. Kris ---- Cthulhu for President! For when you're tired of choosing the _lesser_ of two evils.. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message