Good example: Chromium blob found by Debian (via LWN)

Paul van der Vlis paul at vandervlis.nl
Sun Jul 19 17:51:48 UTC 2015


On 18-06-15 at 10:30, Bernhard Reiter wrote:
> We all know that the review that is actually happening
> is really important for raising the quality of software.
> Free Software always enables third party peer review,
> which makes it an important precondition for good security.
> 
> Here is an example where the peer review of Debian
> found an issue that - most likely - slipped the Google devs.
> 
>   Chromium suddenly starts downloading a binary blob
>   http://lwn.net/SubscriberLink/648392/d7e8ee05cd5977e5/
> 
> You'll get the relevant links from the above article and its comments.

It's nice to see this blob is found.

Packaging software is something else than doing a peer review.

I think it's not really difficult to bring something that's bad into
Debian when you have enough money, or when you are mean enough to
blackmail a DD.

For that reason I think peer reviews are important. I would like to see
them listed with names and what code was checked.

More automatic tests are great too.

With regards,
Paul van der Vlis.



-- 
Paul van der Vlis Linux system administration Groningen
https://www.vandervlis.nl/



