Re: suggestion.
I differ in opinion here, 2.2 is full of bugs which have been fixed in 2.3/2.4. I
suggest we start with the most current code base. There is little merit in
duplicating work that has already been done. 2.4 is at the door, almost ready to
walk.
-d
Marc Esipovich wrote:
> Hi everybody,
>
> I think the best thing would be to divide the kernel into auditable parts,
> most important portions - directly related to security, should be audited first.
> especially parts where well-known bugs were found.
>
> Here is a small list, please add.
>
> 1. The binary loaders, a.out, elf...
>
> 2. In 2.[24].x kernels, the cap stuff.
>
> 3. proc filesystem.
>
> 4. NET (ipv4 for now)
>
> 5. Filesystem code, mostly DoS and data corruption. this will require
> people who know their way around filesystems, not for the general auditing crowd.
>
> 6. Stress testing the kernel in every imaginable way is bound to
> find *something*, be creative.
>
> IMHO, the kernel tree which requires the most effort for now is 2.2.
> yes, 2.0 is still alive and kicking, but soon enough 2.2 will become the
> stable "old" kernel, just like 2.0.
>
> We should not be auditing development kernels.
>
> Marc.
--
"The difference between 'involvement' and 'commitment' is like an
eggs-and-ham breakfast: the chicken was 'involved' - the pig was
'committed'."
David Ford
Blue Labs Developer