Re: code reviews (was: ARP handler Inspection tool released)

[Nico Golde <oss-security+ml () ngolde de>]

Hi Andrea,
* Andrea Barisani <lcars () ocert org> [2008-06-02 19:17]:
> On Mon, Jun 02, 2008 at 06:53:20PM +0200, Nico Golde wrote:
> > At least for Debian there is an audit project 
> > (http://www.debian.org/security/audit/) which is not really 
> > active anymore though. As far as I know Gentoo has a similar 
> > project. What about replacing those by an oss-security-audit 
> > project? I don't think oCert is the solution to audit 
> > requests as it simply lacks of enough manpower to do that in 
> > an organized fashion.
>
> With all due respect, how exactly do you know that? :)

Just a wild guess, audits are time consuming and you are all 
employed ;)
This was in no way meant to discredit oCert lacking of 
manpower in general. I just didn't had the impression you 
guys have the time to focus on source code audits in the 
first place but mostly on coordination. Sorry if this is 
wrong!

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description: