[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] code review CVS
From: Vincent Danen <vdanen () linsec ! ca>
Date: 2008-02-25 6:13:29
Message-ID: 1203920130.27022.TMDA () linsec ! ca
[Download RAW message or body]
* [2008-02-25 02:52:37 +0300] Solar Designer wrote:
>On Mon, Feb 18, 2008 at 10:28:36AM +0100, Sebastian Krahmer wrote:
>> From my view it would be helpful to have some forum/CVS or whatever
>> where code reviewers can submit the code they already audited along
>> with remarks/exploits/patches etc.
>
>We don't yet have such a CVS (or similar) repository - and it is not
>obvious whether one is needed - but maybe you (and others) could start
>by using a namespace on the wiki for this? The wiki includes support
>for file uploads - it's the "Add Images and other files" icon (picture
>in a frame) on top of the page edit area. We have not yet tested this
>functionality, though (might need to add a chmod as we're running the
>wiki scripts under a dedicated UID and with umask 077).
>
>Obviously, you shouldn't upload entire source trees (tarballs?) in this
>way, but remarks, patches, and testcases may be uploaded. Actually,
>the remarks are better edited on the wiki, which provides a structure
>(namespaces) and revision control.
>
>That way, we'll see if anyone actually contributes their audit results
>in this way. Then, if there's specific demand for a CVS repository or
>whatever, that can be added as well.
I like this idea. It definitely would be nice to know if the effort in
setting up cvs or svn or whatever would be worthwhile; i.e. if enough
people would use it to make it worth the possible effort/complexity to
maintain it.
To start off, I think the wiki would work quite well. It probably
wouldn't scale well if it got wildly popular, but if there are only a
few people doing it, then maybe the wiki is all we need.
--=20
Vincent Danen @ http://linsec.ca/
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic