oss-sec mailing list archives
Re: code review CVS
From: Vincent Danen <vdanen () linsec ca>
Date: Mon, 18 Feb 2008 09:00:24 -0700
* [2008-02-18 10:28:36 +0100] Sebastian Krahmer wrote:
From my view it would be helpful to have some forum/CVS or whateverwhere code reviewers can submit the code they already audited along with remarks/exploits/patches etc. So everyone can match this against the version of the OSS project. In an ideal case their latest released version equals the version in the review CVS. It saves also the time to review files again which didnt change during versions.
This is an intriguing idea, but I wonder if a version control system is actually required, or if we could use the wiki itself for something like this. A code checkin of audited source might be nice for "pristine" code purposes, but then we almost duplicate an author's scm system. Would not a simple list of software be sufficient? For instance, something that listed: - software name - audited version - audit date - who did the audit - results of the audit (links to patches, whatever) Most authors keep old packages kicking around, so I don't think we need an scm for this. I mean, if you review foo-1.1 and it's ok, and someone indicates a vuln in foo-1.3, then one could easily download both foo-1.1 and foo-1.3 and just do a diff to see what's changed, right? Or do I miss something where a scm would be really valuable? -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 18)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Kees Cook (Feb 20)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Pierre-Yves Rofes (Feb 21)
- Re: code review CVS Mark J Cox (Feb 21)
- Re: code review CVS Kees Cook (Feb 21)
- Re: code review CVS Tomas Hoger (Feb 22)
- Re: code review CVS Kees Cook (Feb 22)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 21)
- Re: code review CVS Vincent Danen (Feb 18)