On Thu, Jun 14, 2001 at 05:11:00PM -0500, Steve Greenland wrote:
> On 14-Jun-01, 14:30 (CDT), Miquel Martín López <[EMAIL PROTECTED]> wrote:
> > And changing topic, how about that code-review Debian list? It sure sounds
> > interesting, and many of us would learn a great deal :) Debian gurus out
> > there, let's give it a shot! Where/who can we contact?
>
> I've submitted a bug against lists.debian.org asking that it be created.
> It's #100907. If I don't get a response in a few days I may just create
> it on my hosting system.

I think that code review would be an excellent part of Debian, in much the same way as OpenBSD does it. More than just a list, I'd like to see it as part of the project, like the Debian Documentation Project, et al.

I got on that line of thinking when I noticed the recent rash of printf format string exploits. Now, any programmer who introduces such an exploit needs a LART in a big way, but besides that, a couple of people with grep and some regexes could eliminate all of those exploits in every Debian package without a huge amount of work.

That alone would increase Debian's security significantly, and I wouldn't be surprised if the success of such a project quickly gained an interest in code review that could start stamping out some of the more subtle bugs.

Just a thought.

--
Jordan Bettis <http://www.hafd.org/~jordanb/>
Pray: To ask that the laws of the universe be annulled in behalf of a
single petitioner, who is confessedly unworthy.
        -- Ambrose Bierce
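
Added example, not part of the original thread: a sketch of the kind of audit pass the message describes, flagging printf-family calls whose format argument is not a string literal. It goes one step beyond a plain grep by splitting the argument list, so nested calls and commas inside literals are handled. The function table, helper names and sample input are assumptions made for illustration, and every hit still needs manual review.

```python
import re

# Zero-based position of the format argument in each printf-family call.
FORMAT_ARG = {"printf": 0, "vprintf": 0, "fprintf": 1, "sprintf": 1, "vfprintf": 1,
              "vsprintf": 1, "syslog": 1, "snprintf": 2, "vsnprintf": 2}
CALL = re.compile(r"\b(" + "|".join(FORMAT_ARG) + r")\s*\(")
STRING = r'"(?:\\.|[^"\\])*"'
LITERAL = re.compile(STRING + r"|'(?:\\.|[^'\\])*'", re.S)
COMMENT_OR_LITERAL = re.compile(r"/\*.*?\*/|//[^\n]*|" + LITERAL.pattern, re.S)

def strip_comments(src):
    """Blank out C comments, keeping newlines (line numbers) and literals."""
    return COMMENT_OR_LITERAL.sub(
        lambda m: re.sub(r"[^\n]", " ", m[0]) if m[0][0] == "/" else m[0], src)

def split_args(src, i):
    """Split a call's arguments, starting just after its opening parenthesis."""
    args, cur, depth = [], [], 0
    while i < len(src):
        lit = LITERAL.match(src, i)
        c = lit.group(0) if lit else src[i]  # a whole literal counts as one token
        if c == ")" and depth == 0:
            return args + ["".join(cur).strip()]
        if c == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            depth += (c in tuple("([{")) - (c in tuple(")]}"))
            cur.append(c)
        i += len(c)
    return args  # unterminated call: report what was parsed

def find_nonliteral_formats(src):
    """Return (line, function, format_argument) for each call needing review.

    Adjacent literals ("a" "b") are concatenated by the compiler, so they
    count as a constant format string.
    """
    src = strip_comments(src)
    hits = []
    for m in CALL.finditer(src):
        args, pos = split_args(src, m.end()), FORMAT_ARG[m.group(1)]
        if len(args) > pos and not re.fullmatch(rf"(?:{STRING}\s*)+", args[pos]):
            hits.append((src.count("\n", 0, m.start()) + 1, m.group(1), args[pos]))
    return hits

# Constructed sample input, not taken from any Debian package.
SAMPLE = r'''printf(user_input);
printf("%s\n", user_input);
fprintf(stderr, user_input);  /* printf(x) in a comment is ignored */
snprintf(buf, n, lookup(user_input, 1), 42);
'''
```

A hit means the format string is computed at run time, not that it is attacker-controlled; the usual fix where it is untrusted is to pass it as data, as in `printf("%s", user_input)`.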

