> If I were Debian dictator (and I'm not even a debian developer, though I am
> what you guys call an "upstream developer" -- I'm on the GCC steering
> committee), I'd add a requirement that every package owner certify that he
> has checked the package s/he maintains for a list of common security
> problems, and that all problems found have been fixed.
>
Sounds like a good idea. I'm not a Debian developer either (I'm in the
NM queue), but I'd suggest that perhaps everyone who is accepted as a
new maintainer should be required to demonstrate a clear understanding
of common security holes as part of their "technical competency".
--
|> |= -+- |= |>
| |- | |- |\
Peter Eckersley
([EMAIL PROTECTED])
http://www.cs.mu.oz.au/~pde
for techno-leftie inspiration, take a look at
http://www.computerbank.org.au/
PGP signature
