On Wed, 2004-11-03 at 20:56 +1100, Jeff Waugh wrote:
> <quote who="O Plameras">
>
> > Jeff, security I take seriously. I want to be satisfied that there is
> > nothing in the source codes that compromises.
>
> Have you read the entire Linux kernel sources? Do you read the entire diff
> of every upgrade you perform? Do you think that you are more qualified and
> capable of doing so than the kernel development community, distribution
> maintenance and security teams?

I was thinking about doing a short talk on this at slug. There was a /. article that spiked my interest about 1 month ago. There are some interesting ideas out there plus personal experience of how review really works. For example, review by senior programmer fails to identify strdup implementation that fails to account for null byte for MVS was today's catch.

-- 
Ken Foskey

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
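
The strdup slip mentioned in the message above is the kind of defect a mechanical check catches more reliably than a reader does. The following is an added example, not part of the original post and not the code that was reviewed: `strdup_buggy` is a constructed illustration that assumes the bug was a buffer sized with `strlen()` alone, and `guarded_alloc`, `canary_intact` and `stays_in_bounds` are hypothetical test helpers.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0xA5
static size_t last_size;   /* size requested by the latest guarded_alloc() */

/* Test allocator: reserves one guard byte past the request and marks it. */
static void *guarded_alloc(size_t n) {
    unsigned char *p = malloc(n + 1);
    if (p == NULL) return NULL;
    p[n] = CANARY;
    last_size = n;
    return p;
}

/* 1 if the guard byte just past the requested size is untouched. */
static int canary_intact(const void *p) {
    return ((const unsigned char *)p)[last_size] == CANARY;
}

/* Constructed buggy variant (assumed bug class): no room for the NUL. */
static char *strdup_buggy(const char *s) {
    size_t len = strlen(s);
    char *d = guarded_alloc(len);      /* BUG: should request len + 1 */
    if (d == NULL) return NULL;
    memcpy(d, s, len);
    d[len] = '\0';                     /* one byte past the request */
    return d;
}

/* Corrected variant: the request includes the terminating NUL. */
static char *strdup_fixed(const char *s) {
    size_t len = strlen(s) + 1;
    char *d = guarded_alloc(len);
    if (d == NULL) return NULL;
    memcpy(d, s, len);
    return d;
}

/* 1 if dup() copied s correctly without writing past what it requested. */
static int stays_in_bounds(char *(*dup)(const char *), const char *s) {
    char *d = dup(s);
    if (d == NULL) return 0;
    int ok = canary_intact(d) && strcmp(d, s) == 0;
    free(d);
    return ok;
}

int main(void) {
    return stays_in_bounds(strdup_fixed, "hello") &&
           !stays_in_bounds(strdup_buggy, "hello") ? 0 : 1;
}
```

The guard byte lives inside the real allocation, so the buggy variant's stray write is detected without corrupting the heap of the test process.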
