Ros-dev

ros-dev@reactos.org

5788 discussions

by Ged Murphy

Hi all. Would someone be willing to put a flow chart together on moving code from the main branch to the audited branch. I think if something like this is put in place, it would ensure everyone was operating in the same manner. Pasted from IRC when discussing the audit methodologies: <GedMurphy> I understand what qualifies for being 'unclean' (which it seems most of ReactOS will be initially), in which case it should be placed into the intermediate repository. However it isn't clearly stated what happens then. If documentation can't be located or test cases aren't written, how is that code further analized? <sedwards> If the code is 'unclean' then someone need to mark themselves down to rewrite it on the audit page <GedMurphy> but what if it's not unclean, but there is no documentation for it? Is it automatically deemed to be unclean in that case? <GedMurphy> e.g. Exception wrote most of the original part of the network stack. I'm positive this was done in a clean manner, but where are the docs? Does he still have them? What happens if there aren't any or they have been lost? <GedMurphy> does rewriting them automatically mean that code is then ok? <GedMurphy> senario 2. No docs can be found, but someone writes some. If that code was ripped from Windows assemblies but we provide docs, that code might get through. However it doesn't get around the fact that it's been 'borrowed' from Windows dissasemblies. <GedMurphy> at what point in the audit is the code checked for similarities to the Windows counterpart, if at all? <GedMurphy> This is what I mean by set methodologies. Something should be laid down, like a flow chart I would offer to do it, but I think one of our more experienced dev would make a better job. Maybe someone who has done something like this before. I was hoping for one to follow for myself to make sure I don't drop a b*ll*ck :) Ged.

18 years, 11 months

Re: [ros-dev] Undocumented APIs

by David Eckert

I agree highly with Alex, I honestly think that ReactOS has lost complete focus on what their intentions were originally, I think it is time to go into discussion regarding the re-evaluation of the projects primary goals are, this is not good if it is left unmanaged, but on the other hand, it still would be kind of neat for someone to "re-invent the wheel" Windows NT wouldn't it? ;) -- -David W. Eckert

18 years, 11 months

RE: [ros-dev] GetGlyphOutline

by Murphy, Ged (Bolton)

Maarten Bosma wrote: > Why do you want to close all bugs ? Most of them will be > still vaild > after the audit. I'd say the better solution is to add them to the > patch category. I agree with Steven. This is a good time to restart bugzilla, as it was a mess. Many of the bugs are going to be invalid, or giving different results after the audit. There will also be many new bugs introduced. It's easier to just restart it than keep tabs on the old tree. We should keep better control over it next time. ************************************************************************ The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be company policy, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact postmaster(a)exideuk.co.uk <mailto:postmaster@exideuk.co.uk> and then delete this message. Exide Technologies is an industrial and transportation battery producer and recycler with operations in 89 countries. Further information can be found at www.exide.com

18 years, 11 months

EventLog documentation

by Saveliy Tretiakov

Hello. I've put some EventLog links on the wiki: http://www.reactos.org/wiki/index.php/EventLog

18 years, 11 months

RE: [ros-dev] Undocumented APIs

by Murphy, Ged (Bolton)

D. Hazelton wrote: > Someone mentioned that regedit might be a piece of code which > is the only one > to use a function call... All modern windows releases ship > with two versions > of regedit, regedit.exe and regedt32.exe - and there have > been several > third-party replacements for regedit released. Win XP and above ship with a new regedit. Regedit.exe(win98 derivative) and regedt32.exe(crippled version for 2K) have both been dropped. Ged ************************************************************************ The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be company policy, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact postmaster(a)exideuk.co.uk <mailto:postmaster@exideuk.co.uk> and then delete this message. Exide Technologies is an industrial and transportation battery producer and recycler with operations in 89 countries. Further information can be found at www.exide.com

18 years, 11 months

GetGlyphOutline

by James Tabor

Hi, I finished a fast port of GetGlyphOutline from Wine. Not too bad, no crashes. Thanks, James

18 years, 11 months

RE: Ros-dev Digest, Vol 17, Issue 64

by Lucio Diaz

Dont be silly, all of you, such audit will take at least half a year and reimplementing everything will just destroy the proyect. Use your heads, you are programmers, and you fear there is leaked code, if there is any their assembly it should be similar to the windows one, so be easy: compile reactos, dissasemble it. Then dissasemble windows. Write a tool that compares dissassembled code. And you have ONLY (and is still lots of work) to compare where there are enough coincidences betwen reactos assembly and windows assembly. Once you get to those spots you only have to check if there is a logical conclusion of a sole way of doing something (like clearing a stack) or a copied code. Why hope for reactos, Lucio Diaz. --------------------------------- LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com

18 years, 11 months

RE: [ros-dev] Bugzilla and Security Audit Documentation

by Murphy, Ged (Bolton)

M Bealby wrote: > Hey all, Hi Martin > I have finished my security audit of one of the pieces of code in the > new svn repository! (/base/services/tcpsvcs/) > > In my audit notes I have listed the problems by simple filename:line, > flaw, description. They are also dated. Is this the same sort of > documentation you would like in svn and bugzilla too? I think the best place for this would be bugzilla. You can group the full audit in one bug. > On that note, what is happening with bugzilla? I seem to remember > someone mentioning that someone was going to go through all the bug > reports and close any that affected non-audited code. Is this > correct? I don't know what is happening with bugzilla at the moment. We've lost WaxDragon now :( He used to take care of bugzilla, and all other things related to testing. You don't want the job, do you ?? ;) > Should I submit my bug report anyway? I'll write something > noticeable in the summary field so it is obvious it is to do with the > security audit. When you submit it, I'll try to get it fixed straight away. I expect there to be quite a few fixes as I just threw this code together quickly to give us something to test with. ;) > Are we going to implement something like Peters /documentation/ patch? > If so I will put my security auditing notes in there too. I don't see any reason to store information which is going to be fixed. Bugzilla and SVN will take care of the history for us. However if there is general audit information in there, then I think is should be treated in the same manner as the rest and stored in the respective directory accordingly. Regards, Ged. ************************************************************************ The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be company policy, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact postmaster(a)exideuk.co.uk <mailto:postmaster@exideuk.co.uk> and then delete this message. Exide Technologies is an industrial and transportation battery producer and recycler with operations in 89 countries. Further information can be found at www.exide.com

18 years, 11 months

New Setup system

by David Hinz

Hey guys, at first I was shocked, when I read that you want to audit all code and will have to rewrite a lot of the old code, but then I realised, that this is a great chance for making improvements. Here's one of my ideas: We could create a completely new setup, that will have a gui (not really a new idea...). But the second thing would be to create something similar to debians apt and debconf. My idea was to create a new setup, that installs ReactOS in packets, that would look a bit like this: A compressed archive (maybe bzip) that contains a folder with all the files, that need to be installed, one file that contains informations like e.g. where to put the files (%SYSTEMROOT% or %WINDIR%...) and one script file that looks a bit like a batch file. Maybe we could add a file, that contains some questions and hints, that can be interpreted by different configuration utilities. That is, what is IN these archives, in addition to this the header of the file would contain uncompressed information about the dependencies, so that they are easier to read. All this would give us some big advantages. For example we would be able to create different distributions and repositories. Companies would be able to have a mirror of our repository and could additionally have their own repositories, whose files depend on ours. This would ease deployment in big companies and would be a big advantage compared to Microsoft, as everything happens completely unattended, even if you upgrade from ReactOS 1.0 to 3.0. I'm looking forward to read what you think about my idea. Greets, David Hinz

18 years, 11 months

RE: [ros-diffs] [martinf] 33: import the lean explorer branch into thenew repository

by Casper Hornstrup

If you want to use Subversion's merging abilities then you need to copy this from trunk. Casper

18 years, 11 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-dev