From owner-freebsd-audit  Thu Nov 30 20:50:25 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from feral.com (feral.com [192.67.166.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7F9CB37B400; Thu, 30 Nov 2000 20:50:23 -0800 (PST)
Received: from beppo (beppo [192.67.166.79])
	by feral.com (8.9.3/8.9.3) with ESMTP id UAA29118;
	Thu, 30 Nov 2000 20:50:27 -0800
Date: Thu, 30 Nov 2000 20:50:27 -0800 (PST)
From: Matthew Jacob <mjacob@feral.com>
Reply-To: mjacob@feral.com
To: Robert Watson <rwatson@FreeBSD.org>
Cc: audit@FreeBSD.org
Subject: Re: Solicitation for auditing process announcement
In-Reply-To: <Pine.NEB.3.96L.1001130234448.97425E-100000@fledge.watson.org>
Message-ID: <Pine.BSF.4.21.0011302047460.59011-100000@beppo.feral.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Well, that describes what I thought the audit list was supposed to be.

I'm just trying to figure out whether subscription to audit@ implies an
obligation to review things sent to audit@. That comes from the 'review on
demand' phrase.

However, your usage of 'drive-by commit' sounds to me that the audit@ list is
more like a get out of jail free card .... I was just curious what you meant
by the 'demand' portion. Really, just an idle question as I ponder which one
of my 8 different projects to desultorily whack on some more tonite.

On Thu, 30 Nov 2000, Robert Watson wrote:

> 
> On Thu, 30 Nov 2000, Matthew Jacob wrote:
> 
> > >indicating that audit@ is willing to do review-on-demand and should be
> > 
> > What does 'review on demand' mean?
> 
> It means that we're too laid back to have figured out rigorous, pro-active
> re-auditing of the source tree, and instead we sit there and wait until
> someone e-mails audit@ saying, ``I'm going to make the following stupid
> changes to the following setuid binaries, could you take a look and OK
> them before I drive-by commit them twenty minutes before the release?''
> 
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org      NAI Labs, Safeport Network Services
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message