oss-sec mailing list archives
Re: code review CVS
From: Vincent Danen <vdanen () linsec ca>
Date: Wed, 20 Feb 2008 12:28:44 -0700
* [2008-02-19 08:35:44 +0100] Sebastian Krahmer wrote:
On Mon, Feb 18, 2008 at 09:00:24AM -0700, Vincent Danen wrote: I am not sure if a cvs or something like a -AUDITED branch would be the right way, since it might not be obvious which older versions were reviewed too if new versions are commited. Maybe a wiki with patch subdir and link to the reviewed CVS version/branch will suffice. Need to play around :) On the other hand if such a project grows you can have a complete distro you can check out and you always see which parts of a distro or larger project are reviewed such as apache w/o certain modules. problem is that such partial reviews may stop to compile upon checkout.
Hmmm... I'm not sure I'm completely following you here. I like the patch idea, however. A "vendor patch" database of sorts would be nice (would save me from hunting from, say, ubuntu packages for a patch for something they already fixed, or looking at ubuntu for one, and SUSE for another because of version differences). That doesn't really concentrate on *auditing* however, but I could see how the two could work well together under one common implementation. -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 18)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Kees Cook (Feb 20)
- Re: code review CVS Vincent Danen (Feb 20)
- Re: code review CVS Pierre-Yves Rofes (Feb 21)
- Re: code review CVS Mark J Cox (Feb 21)
- Re: code review CVS Kees Cook (Feb 21)
- Re: code review CVS Tomas Hoger (Feb 22)
- Re: code review CVS Kees Cook (Feb 22)
- Re: code review CVS Sebastian Krahmer (Feb 18)
- Re: code review CVS Vincent Danen (Feb 21)
- Re: extracting patches from SRPMs (Was: code review CVS) (GalaxyMaster) (Feb 21)
- Re: code review CVS Vincent Danen (Feb 18)