On Thu, Oct 21, 2004 at 02:34:20AM +0200, Alex Holst wrote:
> > > The Subversion team is very serious about repository
> > > integrity. They work hard to avoid bugs that could lead to
> > > corrupt repositories. That same effort should be applied to
> > > avoiding bugs that could lead to security compromises.
> >
> > That's a fallacy -- the efforts are not tradeable, for all sorts of
> > reasons.
>
> Again, I got the sense from Ben Reser that the approach I praised to
> avoid corruption bugs went towards avoiding security bugs. You don't
> seem to think so. It would be a great first step if all/most developers
> had the same understanding of the level of effort that goes into
> avoiding security bugs.
I believe Karl was thinking more in the context of an audit, going back
over all the code that's already committed with an eye to finding
security problems. I'm sure Karl would agree that our efforts to review
code as it is committed help prevent security bugs. I just think Karl
and I were talking about different things.
That said, there has been some degree of effort to audit some code.
For instance I made an effort to look into the string buffering code.
The only thing I ended up finding was a single, but highly improbable,
way to put the code into an infinite loop. Karl and I fixed it.
But the effort to audit code like that is completely different from
reviewing code as it is committed. One is looking for existing errors
that are already committed. The other is looking to see if a change does
anything it shouldn't. Both are valuable.
--
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
Received on Thu Oct 21 20:49:59 2004