On Tue, Sep 20, 2011 at 2:34 PM, Shane Curcuru <a...@shanecurcuru.org> wrote:
> So... has anyone actually run Apache RAT yet? It has a scan only mode > which I'd think would be the simplest place to start. > > it's on my todo list to take a look on it, probably i will come back with questions Juergen > Personally, I'd recommend working on basic RAT scans, with the scripts to > run them and any exception rules (for known files, etc.) all checked into > SVN with the build tools for the code. But hey, it's easy for me to suggest > "we" do stuff, when I only currently have time to be a mentor and thus can > get away with just making suggestions. 8-) > > I like the general concept of storing the IP type for files in SVN > properties; although properties are easy to change, Apache does have a > strong history of being able to provide oversight for commit logs throughout > a project's history. > > - Shane >