Good example: Chromium blob found by Debian (via LWN)
Paul van der Vlis
paul at vandervlis.nl
Sun Jul 19 17:51:48 UTC 2015
On 18-06-15 at 10:30, Bernhard Reiter wrote:
> We all know that the review that is actually happening
> is really important for raising the quality of software.
> Free Software always enables third party peer review,
> which makes it an important precondition for good security.
>
> Here is an example where the peer review of Debian
> found an issue that - most likely - slipped the Google devs.
>
> Chromium suddenly starts downloading a binary blob
> http://lwn.net/SubscriberLink/648392/d7e8ee05cd5977e5/
>
> You'll get the relevant links from the above article and its comments.
It's nice to see this blob is found.

Packaging software is something else than doing a peer review.

I think it's not really difficult to bring something that's bad into
Debian when you have enough money, or when you are mean enough to
blackmail a DD.

For that reason I think peer reviews are important. I would like to see
them listed with names and what code was checked.

More automatic tests are great too.

With regards,
Paul van der Vlis.
--
Paul van der Vlis Linux system administration Groningen
https://www.vandervlis.nl/