OK,
as everyone knows, Sarge is out now. The Debian Security Audit Project
helped improve the security and quality of that release, especially
regarding setuid/gid programs and /tmp bugs in all kinds of programs
but also in other areas.
Next up is Etch. Do you want to set any goals for the Project
(finding at least X bugs leading to the publication of a DSA before
Etch is released, auditing all PHP scripts in Etch for include() bugs,
other goals) or should we go on as we do? We obviously achieve things
without goals, but if we set goals to work towards we might achieve
more.
What does everyone think?
// Ulf
|
