From owner-freebsd-security@FreeBSD.ORG Tue Aug 12 18:06:33 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1126737B401 for ; Tue, 12 Aug 2003 18:06:33 -0700 (PDT) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FC4D43F3F for ; Tue, 12 Aug 2003 18:06:32 -0700 (PDT) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 5932915256; Tue, 12 Aug 2003 18:06:32 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 585A01524D for ; Tue, 12 Aug 2003 18:06:32 -0700 (PDT) Date: Tue, 12 Aug 2003 18:06:32 -0700 (PDT) From: Mike Hoskins To: security@freebsd.org In-Reply-To: <20030812085617.GA407@FreeBSD.org> Message-ID: <20030812180122.C96000@fubar.adept.org> References: <20030811133749.U27196@fubar.adept.org> <20030811232132.GB46629@madman.celabo.org> <20030812085617.GA407@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: realpath(3) et al X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Aug 2003 01:06:33 -0000 On Tue, 12 Aug 2003, Simon L. Nielsen wrote: > There is http://www.freebsd.org/auditors.html but it hasn't been updated for > a very long time. that's the one i was thinking of -- thanks. > BTW, if anybody really wants to start up the audit project again, I > think somebody should take a look at integrating some of the changes > OpenBSD has made. No reason to spend time finding the bugs OpenBSD has > already fixed. *sigh* i'd hoped the project was 'always' ongoing, and that sharing and/or integrating changes amongst the various BSD source trees would be commonplace. the fact that it's not clearly illustrates that our biggest enemey in the security game is ourselves. (by 'selves' i mean anyone who feels not sharing a security or bug fix is a good idea.) perhaps the page can not only be updated, but given more visibilitiy? i'd think something on the front page indicating our code base undergoes continuous audting would be... good. -mrh -- From: "Spam Catcher" To: spam-catcher@adept.org Do NOT send email to the address listed above or you will be added to a blacklist!