Date: Mon, 2 Jun 2008 19:41:05 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: Re: code reviews (was: ARP handler Inspection tool released) Hi Andrea, * Andrea Barisani <lcars@...rt.org> [2008-06-02 19:17]: > On Mon, Jun 02, 2008 at 06:53:20PM +0200, Nico Golde wrote: > > At least for Debian there is an audit project > > (http://www.debian.org/security/audit/) which is not really > > active anymore though. As far as I know Gentoo has a similar > > project. What about replacing those by an oss-security-audit > > project? I don't think oCert is the solution to audit > > requests as it simply lacks of enough manpower to do that in > > an organized fashion. > > With all due respect, how exactly do you know that? :) Just a wild guess, audits are time consuming and you are all employed ;) This was in no way meant to discredit oCert lacking of manpower in general. I just didn't had the impression you guys have the time to focus on source code audits in the first place but mostly on coordination. Sorry if this is wrong! Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.