On Tue, May 20, 2008 at 05:21:07PM -0300, Luciano Bello wrote:
> I was thinking about the Debian/OpenSSL debacle. Clearly it is not easy to
> manage a hard, meticulous QA process in all packages. On the other hand, there
> are packages more critical than others, which are more delicate to security.
The more I think about this proposal of yours, the more I get convinced that the only reasonable definition of "delicate" is "used by a lot of people" (i.e. scores high in popcon). As previously noted in this thread, other criteria are subjective, and even apparently innocuous packages can open the flank to really serious security problems.

So, basically, I welcome your proposal, but IMO its simplest and most effective implementation would be: "packages scoring high in popcon have to be maintained by teams using some Vcs-*". To that, feel free to add the bells and whistles you want (like valgrind :-P).

Cheers.

--
Stefano Zacchiroli -*- PhD in Computer Science ............... now what?
[EMAIL PROTECTED],cs.unibo.it,debian.org} -<%>- http://upsilon.cc/zack/
(15:56:48) Zack: and the dema demo?    /\    All one has to do is hit the
(15:57:15) Bac: no, the silly demo     \/    right keys at the right time