On 18-06-15 at 10:30, Bernhard Reiter wrote:
> We all know that the review that is actually happening
> is really important for raising the quality of software.
> Free Software always enables third party peer review,
> which makes it an important precondition for good security.
>
> Here is an example where the peer review of Debian
> found an issue that - most likely - slipped the Google devs.
>
> Chromium suddenly starts downloading a binary blob
> http://lwn.net/SubscriberLink/648392/d7e8ee05cd5977e5/
>
> You'll get the relevant links from the above article and its comments.

It's nice to see this blob is found. Packaging software is something else than doing a peer review. I think it's not really difficult to bring something that's bad into Debian when you have enough money, or when you are mean enough to blackmail a DD.

For that reason I think peer reviews are important. I would like to see them listed with names and what code was checked. More automatic tests are great too.

With regards,
Paul van der Vlis.

--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
