[development] Think there's a security problem in your module? Here's what to do.
David Metzler
metzlerd at metzlerd.com
Sat Jan 19 04:44:06 UTC 2008
First, thanks for the willingness to consider changes. I appreciate
it. I'm on board too.
I'd agree in starting small. Having an issue queue where code could
be posted, shared and tested does go a long way to alleviating my
concerns. I could probably get by with the testing of an applied
patch, or whole module file.
We should factor in some way of bringing in the user that reported
the problem. Particularly if they are doing so because they've been
exploited. This has never happened to me yet, but seems like the
prudent thing to do. I'm sure accommodations for bringing others
into the issue queue can be made on a case by case basis at the
security team's discretion.
I think I would probably use the custom CVS repository, but I know
that I'm different enough in my use of CVS, and deployment
strategies, that it may not be worth the effort to develop just for
me. Let's wait till we hear more requests.
Thanks again for listening.
Dave
On Jan 18, 2008, at 1:32 PM, Derek Wright wrote:
>
> On Jan 18, 2008, at 12:14 PM, Angela Byron wrote:
>
>> I'm +1 to its removal, but defer to dww since he knows a lot
>> better than me (or probably most of us ;)) what would be involved
>> here, and how much work it would actually cost/save.
>
>