On Tue, Apr 18, 2006 at 07:30:59AM +0200, Uwe Hermann wrote:
> Hi,
>
> I finally found the time to read it too. Good paper, IMHO :)
I'm glad you liked it.
> I think lots of practical and real examples (e.g. from previous DSAs)
> would be nice. Show the insecure code, show how you can find such
> a (security-related) bug, and show how it was fixed by the DSA...
That's what I should be preparing for the workshop so I can show people some
examples. If you guys want to bring to my attention some DSAs that were
not discussed in this list, please do so. I will try to point to some examples
of bad design and bad programming practices and show the DDs attending how
to spot those in their own packages.
> Oh, and at the end of the talk/workshop recruit a bunch of people for
> debian-audit ;) You're absolutely right, the limiting factor is manpower.
It would be great if more people jumped in.
Regards
Javier
_______________________________________________
Debian-audit mailing list
Debian-audit@xxxxxxxxxxxxx
http://shellcode.org/mailman/listinfo/debian-audit