Hey all,
I have finished my security audit of one of the pieces of code in the new svn repository! (/base/services/tcpsvcs/)
In my audit notes I have listed the problems by simple filename:line, flaw, description. They are also dated. Is this the same sort of documentation you would like in svn and bugzilla too?
On that note, what is happening with bugzilla? I seem to remember someone mentioning that someone was going to go through all the bug reports and close any that affected non-audited code. Is this correct? Should I submit my bug report anyway? I'll write something noticeable in the summary field so it is obvious it is to do with the security audit.
Are we going to implement something like Peter's /documentation/ patch? If so I will put my security auditing notes in there too.
Cheers, Martin