Date: Wed, 24 Nov 1999 00:40:10 -0700 From: Warner Losh <imp@village.org> To: peter.jeremy@alcatel.com.au Cc: "David O'Brien" <obrien@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: FreeBSD security auditing project. Message-ID: <199911240740.AAA18824@harmony.village.org> In-Reply-To: Your message of "Wed, 24 Nov 1999 10:19:37 %2B1100." <99Nov24.101250est.40341@border.alcanet.com.au> References: <99Nov24.101250est.40341@border.alcanet.com.au> <99Nov24.075703est.40331@border.alcanet.com.au> <Pine.BSF.4.21.9911231412030.46173-100000@hub.freebsd.org> <19991123142626.D49964@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <99Nov24.101250est.40341@border.alcanet.com.au> Peter Jeremy writes: : I suspect that a 'cvs diff' of the OpenBSD code tree is the best : starting point. As a veteran of that war, I think you underestimate that task be about a few orders of magnitude. A better starting point I've found to be the ChangeLog files in the CVSROOT directory of the openbsd tree. After a while, you get a good nose for reading them to know what is important and what isn't. Once you hit a program that has had one fix, it is most productive, I've found, to integrate all the security and bug fixes things you can find in that program, and then reaudit the hell of out of it in case you introduce something bogus. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911240740.AAA18824>