I'm definitely not a developer but more a Debian enthusiast. Here is my thinking and it may not be correct.

1. If someone is going to develop software for Debian they should be allowed even if they do not know how to secure it properly. Since people are volunteering I would hate to tell someone that they shouldn't volunteer for software development.
2. It is a good idea however to set separate software that has been tested for good security practices. As an idea software can not be made stable until it has gone through rigorous testing.

That's my $.02 as a non-developer.

-Scott

--
Scott Sawyer
Systems Engineer for VALinux Systems
Member of LUNA (Linux Users of Northern Arizona)
General Computer Geek

On Fri, 29 Dec 2000, Peter Eckersley wrote:

> > If I were Debian dictator (and I'm not even a debian developer, though I am
> > what you guys call an "upstream developer" -- I'm on the GCC steering
> > committee), I'd add a requirement that every package owner certify that he
> > has checked the package s/he maintains for a list of common security
> > problems, and that all problems found have been fixed.
> >
>
> Sounds like a good idea. I'm not a Debian developer either (I'm in the
> NM queue), but I'd suggest that perhaps everyone who is accepted as a
> new maintainer should be required to demonstrate a clear understanding
> of common security holes as part of their "technical competency".
>
> --
>
> |> |= -+- |= |>
> | |- | |- |\
>
> Peter Eckersley
> ([EMAIL PROTECTED])
> http://www.cs.mu.oz.au/~pde
>
> for techno-leftie inspiration, take a look at
> http://www.computerbank.org.au/

