Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 20 Feb 2008 17:51:47 -0800
From: Kees Cook <kees@...flux.net>
To: oss-security@...ts.openwall.com
Subject: Re: code review CVS

On Wed, Feb 20, 2008 at 12:28:44PM -0700, Vincent Danen wrote:
> I like the patch idea, however.  A "vendor patch" database of sorts
> would be nice (would save me from hunting from, say, ubuntu packages for
> a patch for something they already fixed, or looking at ubuntu for one,
> and SUSE for another because of version differences).

I'd really like to have at least a "how to find a patch for [distro],
release [version]".  I have an easier time finding Debian patches,
for example, since http://snapshot.debian.net/ exists.  Ubuntu is a
bit less patch-hunter-friendly in that regard, but we try to alway keep
patches external to from the source tree, so they're easy to locate from
change logs.  Doing this with src.rpms follows a similar convention,
but can sometimes get tricky too.  Finding them can sometimes be a chore
-- I always bang my head when looking for RHEL src.rpms.  :)

-Kees

-- 
Kees Cook                                            @outflux.net

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux