Firewall Wizards mailing list archives
Re: Code review/audit and/or version control
From: Joseph S D Yao <jsdy () center osis gov>
Date: Mon, 22 Jul 2002 11:46:24 -0400
If you are doing version control, you have access to previous versions and the commentary from when it was checked in. Just as with in-line comments, the version control comments have to be MEANINGFUL, not just "made changes."!!! ISTM that the old versions can be used to good advantage in two ways: (1) New version introduces greater and unforeseen (of course!) security problem; quickly get out old version with known but lesser security problem, and also re-install whatever shim we had used to work around the security problem until the "fixed" version was installed. (2) Determine that the neat new way to do something has already been tried, and read the MEANINGFUL version control comments to determine why it was removed from service! -- Joe Yao jsdy () center osis gov - Joseph S. D. Yao OSIS Center Systems Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of OSIS Center policies. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Code review/audit and/or version control George Capehart (Jul 22)
- Re: Code review/audit and/or version control Joseph S D Yao (Jul 22)
- Re: Code review/audit and/or version control George Capehart (Jul 22)
- Re: Code review/audit and/or version control Joseph S D Yao (Jul 23)
- Re: Code review/audit and/or version control Kevin Steves (Jul 26)
- Re: Code review/audit and/or version control George Capehart (Jul 22)
- Re: Code review/audit and/or version control Joseph S D Yao (Jul 22)