Hey all,
I have finished my security audit of one of the pieces of code in the
new svn repository! (/base/services/tcpsvcs/)
In my audit notes I have listed the problems by simple filename:line,
flaw, description. They are also dated. Is this the same sort of
documentation you would like in svn and bugzilla too?
On that note, what is happening with bugzilla? I seem to remember
someone mentioning that someone was going to go through all the bug
reports and close any that affected non-audited code. Is this
correct? Should I submit my bug report anyway? I'll write something
noticeable in the summary field so it is obvious it is to do with the
security audit.
Are we going to implement something like Peters /documentation/ patch?
If so I will put my security auditing notes in there too.
Cheers,
Martin
Show replies by date