Date: Tue, 23 Nov 1999 14:03:03 -0800
From: "David O'Brien"
Reply-To: obrien@FreeBSD.ORG
To: Mark Murray
Cc: Kris Kennaway, current@FreeBSD.ORG
Subject: Re: FreeBSD security auditing project.

> So when Joe Blow clicks on (say) src->bin->cat he'll find that
> (say) markm eyeballed the code and kris diffed it with OpenBSD
> and merged in fixes - "cat now considered safe".

Until the next commit to cat. A security review is never done. We need
to be in a mode where every commit is suspect and people are compelled to
review it. BDE's use of CTM to review changes is actually rather
effective in this regard.

--
-- David (obrien@NUXI.com)