Date: Sun, 24 Feb 2008 23:13:29 -0700
From: Vincent Danen <vdanen@...sec.ca>
To: oss-security@...ts.openwall.com
Subject: Re: code review CVS

* [2008-02-25 02:52:37 +0300] Solar Designer wrote:

>On Mon, Feb 18, 2008 at 10:28:36AM +0100, Sebastian Krahmer wrote:
>> From my view it would be helpful to have some forum/CVS or whatever
>> where code reviewers can submit the code they already audited along
>> with remarks/exploits/patches etc.
>
>We don't yet have such a CVS (or similar) repository - and it is not
>obvious whether one is needed - but maybe you (and others) could start
>by using a namespace on the wiki for this?  The wiki includes support
>for file uploads - it's the "Add Images and other files" icon (picture
>in a frame) on top of the page edit area.  We have not yet tested this
>functionality, though (might need to add a chmod as we're running the
>wiki scripts under a dedicated UID and with umask 077).
>
>Obviously, you shouldn't upload entire source trees (tarballs?) in this
>way, but remarks, patches, and testcases may be uploaded.  Actually,
>the remarks are better edited on the wiki, which provides a structure
>(namespaces) and revision control.
>
>That way, we'll see if anyone actually contributes their audit results
>in this way.  Then, if there's specific demand for a CVS repository or
>whatever, that can be added as well.

I like this idea.  It definitely would be nice to know if the effort in
setting up cvs or svn or whatever would be worthwhile; i.e. if enough
people would use it to make it worth the possible effort/complexity to
maintain it.

To start off, I think the wiki would work quite well.  It probably
wouldn't scale well if it got wildly popular, but if there are only a
few people doing it, then maybe the wiki is all we need.

-- 
Vincent Danen @ http://linsec.ca/

