Date: Thu, 30 Nov 2000 23:16:23 -0500 (EST)
From: Robert Watson
To: audit@FreeBSD.org
Cc: security-officer@FreeBSD.org
Subject: Solicitation for auditing process announcement

John Baldwin made the recommendation that we should be more generally announcing and recommending the use of audit@ as a source of reviews. As such, I'd like for us to send out a two-fold announcement, first indicating that audit@ is willing to do review-on-demand and should be used, especially for security-oriented commits (changes to kernel security code, daemons running with privilege, and setugid binaries). Also, to appeal for those willing to help do code reviews for security purposes.

I'll probably draft something up tomorrow, but wanted to solicit comments on the best way to phrase it, what ideas I should be presenting, and so on. I'd really like to persuade our less security-sensitive committers that there is a reviewing resource available that can help improve their code, and persuade those willing to do reviews that this can be a forum for doing so.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services