If the author has been contacted, it should be noted in the commit log. That alone is enough reason to squash any doubts anyone had. The authors word is always trusted.
If the author couldn't be contacted, then the code should go through the audit procedure Art put forward. Whichever part of that procedure was passed should be noted in the commit log. Even if it's just something as simple as 'this code uses is fully documented on XYZ: http://..'
Doing things this way ensures we can look back at the code if the cleanliness of the reversing methods is ever questioned again. It gives a good base point for us to start our defence from.
This was all decided when we originally locked the code, but no one has been following it. Thus we have terms like 'I read this code and it looked clean to me'. IMO, that isn't worth anything. I could read parts of the kernel and it appear to be clean to me. Contacting Alex or correctly auditing the code would prove otherwise.
In light of this, I think some of the audit measures we went to were a bit of an over reaction. Perhaps we should have only decided to audit kernel mode code, or subsections of it. However we choose to do everything and I'm a firm believer in the phrase 'If you going to do something, do it right'
Ged.
-----Original Message----- From: Saveliy Tretiakov [mailto:saveliyt@mail.ru] Sent: 07 April 2006 13:52 To: ReactOS Development List Subject: Re: [ros-dev] ncpa
I always contact authors when it is possible. Some authors have left project years ago and are unreachable.
Murphy, Ged (Bolton) wrote:
The authors of the code should always be contacted before unlocking unless the app it produces isn't a part of Windows.
Not doing so undermines the audit process and commit lines like 'I looked
at
this code and it appears clean' is doing just that.
Ged.
-----Original Message----- From: Saveliy Tretiakov [mailto:saveliyt@mail.ru] Sent: 07 April 2006 13:11 To: ReactOS Development List Subject: Re: [ros-dev] ncpa
Do we need to audit ncpa?
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be company policy, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact postmaster@exideuk.co.uk mailto:postmaster@exideuk.co.uk and then delete this message.
Exide Technologies is an industrial and transportation battery producer and recycler with operations in 89 countries. Further information can be found at www.exide.com
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
_______________________________________________ Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev ************************************************************************ The information contained in this message or any of its attachments is confidential and is intended for the exclusive use of the addressee. The information may also be legally privileged. The views expressed may not be company policy, but the personal views of the originator. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this message in error, please contact postmaster@exideuk.co.uk mailto:postmaster@exideuk.co.uk and then delete this message.
Exide Technologies is an industrial and transportation battery producer and recycler with operations in 89 countries. Further information can be found at www.exide.com