Firewall Wizards mailing list archives
Re: Code review/audit and/or version control
From: George Capehart <capegeo () opengroup org>
Date: Tue, 23 Jul 2002 09:56:39 +0800
Joseph S D Yao wrote:
If you are doing version control, you have access to previous versions and the commentary from when it was checked in. Just as with in-line comments, the version control comments have to be MEANINGFUL, not just "made changes."!!! ISTM that the old versions can be used to good advantage in two ways: (1) New version introduces greater and unforeseen (of course!) security problem; quickly get out old version with known but lesser security problem, and also re-install whatever shim we had used to work around the security problem until the "fixed" version was installed.
OK. You got me there. I didn't say exactly what I was thinking. I had in mind two scenarios . . . one where, say, a format string bug or a memory leak was fixed . . . and nothing else was broken in the process ;->, and the other where there is parallel development going on and a bug gets fixed in one branch but then overwritten when a patch/hotfix is created. What I'm concerned about here is a breakdown in process . . . not a valid reason to roll back a change . . .
(2) Determine that the neat new way to do something has already been tried, and read the MEANINGFUL version control comments to determine why it was removed from service!
Absolutely!
--
Joe Yao jsdy () center osis gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
This message is not an official statement of OSIS Center policies.