On Tue, 23 Nov 1999, David O'Brien wrote:
> > So when Joe Blow clicks on (say) src->bin->cat he'll find that
> > (say) markm eyeballed the code and kris diffed it with OpenBSD
> > and merged in <blah> fixes - "cat now considered safe".
>
> Until the next commit to cat.
>
> A security review is never done. We need to be in a mode where every
> commit is suspect and people are compelled to review it. BDE's use of
> CTM to review changes is actually rather effective in this regard.

We need to put audit tags into the source tree when a file is audited.
That allows the diffs to be audited later which should be a smaller job
and then the audit tag slides forward.
--
Doug Rabson Mail: [EMAIL PROTECTED]
Nonlinear Systems Ltd. Phone: +44 181 442 9037