Henri <[EMAIL PROTECTED]> writes:

> sorry, i don't have any idea of the time needed to audit something
> like drakconf...

there are not so many points where we exec some process or write some files in drakconf, so this one is easy. but when you talk about drakconf, i suspect you really want to say "drakconf + all the tools it runs", don't you? this is of course much more work

> > I agree that performing an audit on Mandrake tools is important,
> > it's laughable to suggest we audit every piece of software we
> > include.
>
> Not every software: i was only asking about specific mandrake tools
> and "critical" ones: i think about verifying a last time, just
> before releasing, that permissions on tools installed in /sbin/ and
> /usr/sbin are correct, for example...

> In fact, my question is: what is done about security before a new
> release? Is there a specific "security last step", as there is a
> features freeze etc.?

not much is done. it may be good that such work is done by people other than mdk developers. it would be nice if some volunteers check and report strange things
