[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Only auditing current 2.4 code?

To: kernel-audit@nl.linux.org
Subject: Re: Only auditing current 2.4 code?
From: Stephan Zaniolo <eaglefeather@mindspring.com>
Date: 11 Jun 2000 17:54:22 CDT
Reply-To: Stephan Zaniolo <eaglefeather@mindspring.com>
Sender: owner-kernel-audit@nl.linux.org

	I'm quite new to programming and never done a code audit before,
but I had a thought.  Darron suggests below (as others have as well) that
this project focus on the 2.2.x or earlier kernels as they are more
stable.  Could it be more advantageous to work on the 2.4.x kernels
BECAUSE they are in a state of flux?  Would the kernel hackers be more
willing to incorporate changes in them now while they're still tinkering
in the bowels of the code?  Although an audit of the stable kernels would
make our job easier, would the kernel hackers (who are going to be
focusing on the 2.4.x kernels) going to be as willing to patch a stable
kernel that fewer people are working on, with code that might break
something else at a higher level?

IMHO,
Stephan

On Sun, 11 Jun 2000 15:58:40 -0600 (MDT), Darron Froese said:

> Someone had this suggestion (I forgot who and deleted the email) and I
>  think that that is probably not the correct way to go.
>  
>  2.4 is still in heavy development and will probably be that way for
>  the
>  next few months. When it comes out, there will probably be some lag
>  time
>  between the initial 2.4.0 release and a ready-for-primetime
>  production-quality release. Then there will be some time after that to
>  migrate production servers over - if they're even migrated.
>  
>  2.2 is in use on production servers right now and will be in use for
>  quite
>  some time. The codebase is pretty stable - there probably aren't going
>  to
>  be any huge changes (like there will be in 2.4) in the near future.
>  
>  I think an audit of the 2.2 code would serve quite well as a starting
>  point. We could:
>  
>  1. Track that known issues in 2.4 that didn't get back ported to 2.2.
>  (for whatever reason)
>  2. Look for other unknown issues and audit away.
>  
>  There will be plenty of time to audit 2.4 once it's stabilized
>  somewhat -
>  c'mon, the code freeze was announced in October sometime and it's
>  still
>  not really frozen. ;-)
>  
>  Anyways, that's just my 2 cents. I'd love to be able to help but can't
>  program in C yet.
>  --
>  Darron
>  darron@froese.org
>  
>  
>  Kernel-audit:  discussion list for security and the linux kernel
>  Archive:	  http://mail.nl.linux.org/kernel-audit/
>  


Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

Follow-Ups:
- Re: Only auditing current 2.4 code?
  - From: Gigi Sullivan <sullivan@sikurezza.org>

Prev by Date: Re: suggestion.
Next by Date: Re: suggestion.
Prev by thread: Only auditing current 2.4 code?
Next by thread: Re: Only auditing current 2.4 code?
Index(es):
- Date
- Thread