Thierry Vignaud wrote:

Henri <[EMAIL PROTECTED]> writes:

sorry, I don't have any idea of the time needed to audit something
like drakconf...

there are not so many points where we exec some process or write some files in drakconf, so this one is easy.

but when you talk about drakconf, I suspect you really want to say
"drakconf + all the tools it runs", don't you?

Yes, of course. It would not make any sense to suggest auditing drakconf but not every *drake tool.

this is of course much more work

Of course! Building a secure, easy, optimized... etc. OS is definitely a long and hard work!

I agree that performing an audit on Mandrake tools is important,
it's laughable to suggest we audit every piece of software we
include.

Not every software: I was only asking about specific Mandrake tools
and "critical" ones. I think about verifying one last time, just
before releasing, that permissions on tools installed in /sbin/ and
/usr/sbin are correct, for example...

In fact, my question is: what is done about security before a new
release? Is there a specific "security last step", as there is a
feature freeze etc.?

Not much is done.

It may be good that such work is done by people other than mdk
developers.
It would be nice if some volunteers checked and reported strange things.

Why not try to develop some partnership with engineering schools? I think the Mandrake team could go and meet students, offer Cooker CDs and ask students to test it, or organize a "debug party": one day with students and the Mandrake team, testing things and correcting bugs "on the fly". That would be great for students, would be good publicity, and would be useful...
Of course this does not concern security fixes. But if students are in the habit of working with Mandrake, perhaps they will have the idea to join or create projects around it.
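The "security last step" Henri asks about above, checking just before release that permissions on tools in /sbin and /usr/sbin are correct, can be scripted. The following is an added example, not code from the thread or from Mandrake's tooling: it lists files in a bin directory that are group- or world-writable, and setuid/setgid files that are not on an allow-list, so a release reviewer gets a short diff-able report instead of inspecting by hand. The directory arguments and the allow-list file format (one absolute path per line) are assumptions for the example.

```shell
#!/bin/sh
# Added example (not part of the mailing-list thread): a release-time
# permission audit for a system bin directory such as /sbin or /usr/sbin.

# Print regular files under $1 that are group- or world-writable.
# A binary in a system bin directory should be writable by root only;
# anything else lets a non-root account replace what root later runs.
find_writable() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Print regular files under $1 that carry the setuid (4000) or setgid (2000) bit.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# audit_dir DIR ALLOWLIST
# Report writable files and setuid/setgid files not listed in ALLOWLIST
# (one absolute path per line; assumed format for this example).
# Returns 0 when nothing is reported, 1 otherwise, so it can gate a release
# script. Paths containing whitespace are not expected in these directories.
audit_dir() {
    dir=$1; allow=$2; rc=0
    for f in $(find_writable "$dir"); do
        echo "WRITABLE: $f"; rc=1
    done
    for f in $(find_setid "$dir"); do
        if ! grep -qxF "$f" "$allow"; then
            echo "UNEXPECTED SETID: $f"; rc=1
        fi
    done
    return $rc
}

# Usage (the allow-list path is an assumption):
#   audit_dir /sbin /etc/expected-setid.list && audit_dir /usr/sbin /etc/expected-setid.list
```

The allow-list is the part worth keeping under version control: an unexpected setuid binary is exactly the kind of "strange thing" a volunteer reviewer should report, and a list of the expected ones turns the audit into a comparison rather than a judgement call each release.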