On Mon, May 08, 2006 at 01:20:39AM +0200, Uwe Hermann wrote:
> Hi,
>
> I wonder whether there is any infrastructure for regular, automated security
> checks or at least heuristics and statistics somewhere in Debian?
> Something like the lintian.debian.org which generates nice webpages with
> statistics and stuff?
Well, we have not done but talked about it a while back. I had some things
done but not yet a "product"
> I recently stumbled over bogosec which basically runs flawfinder, rats
> and ITS4 on packages and tries to generate metrics...
Looks *very* interesting.
> I imagine something like that (amended with more tools, e.g. bfbtester,
> pscan etc. etc.) could be useful to get an impression on the overall
> quality of packages and Debian as a whole, and/or to find "juicy" targets
> for audits...
I agree wholeheartedly and would really love this to go through. If you are
going to MX we could discuss about it there.
Regards
Javier
signature.asc
Description: Digital signature
_______________________________________________
Debian-audit mailing list
Debian-audit@xxxxxxxxxxxxx
http://shellcode.org/mailman/listinfo/debian-audit
|
