Well, the list has been quite dead for some time so I just thought I could
inform on some progress I've been making:
- I've been running the script I provided to audit all the Debian packages
available
- I've seen that some packages cannot be adequately audited because they do
not provide sources or because RATS fails miserably on those
- I'm currently trying to integrate the report generation with
buildd/wanna-build so I could actually use a similar mechanism to generate
reports based on unpacked sources (after they are compiled) to work around
the issues above. I have finally been able to set up a local buildd to do
this [1].
I plan to put up all the reports at people.debian.org/~jfs/audit so others
can take a look at them and maybe wrap them in a similar way to how
lintian reports are provided. I still need a way to produce appropriate
metrics for these, though.
Has anyone worked out a way to produce metrics (defects per line of code, for
example) using the Audit perl module? It would be great to be able to order
packages based on, for example, priority (base, standard...) and their
defect metrics so that security bugs in higher priority (and buggy)
packages are fixed first.
Regards
Javier
[1] Which I'm considering using also to provide Debian packages with SSP
buffer overflow protection based on Steve's patches and a gcc wrapper