oss-sec mailing list archives

Re: code review CVS


From: Vincent Danen <vdanen () linsec ca>
Date: Wed, 20 Feb 2008 12:28:44 -0700

* [2008-02-19 08:35:44 +0100] Sebastian Krahmer wrote:

On Mon, Feb 18, 2008 at 09:00:24AM -0700, Vincent Danen wrote:

I am not sure if a cvs or something like a -AUDITED
branch would be the right way, since it might not be obvious
which older versions were reviewed too if new versions are committed.
Maybe a wiki with patch subdir and link to the reviewed
CVS version/branch will suffice. Need to play around :)
On the other hand if such a project grows you can have a complete distro
you can check out and you always see which parts of a distro or larger project
are reviewed such as apache w/o certain modules. Problem is that
such partial reviews may stop compiling upon checkout.

Hmmm... I'm not sure I'm completely following you here.

I like the patch idea, however.  A "vendor patch" database of sorts
would be nice (would save me from hunting from, say, ubuntu packages for
a patch for something they already fixed, or looking at ubuntu for one,
and SUSE for another because of version differences).

That doesn't really concentrate on *auditing* however, but I could see
how the two could work well together under one common implementation.

--
Vincent Danen @ http://linsec.ca/
