The debian-private mailing list leak, part 1.


Re: Quality: some thoughts on achieving it (long)



  Ok, let me try to make a contribution to the testing...

  Basically, as of today any installed program is registered in the info
directory for 'dpkg'.  This is only an inch away from being an actual
database of installed programs.

  An automated test could check for access rights to directories and
common data objects.  It could check suid and sgid on program objects,
for possible security holes.  A program installing would be cleared by
the security team, to allow the suid or sgid permissions for that
program.  The program, on installation, would then be tested for
permission to these rights against a clearance database that would
be provided by the security teams, but could also be updated by the
system administrator of the local system (to give information about
local programs and products).

  Turn the info directory into a database, where each entry would have
the basename of the program, and the relation to the directory hierarchy
(the bit offset into the hierarchy), along with other information for that
file... which packet it belonged to, etc.  i.e. turn the packaging into a
database... this database would then be provided as a basis to the
system...

Example:
PACKAGE BASENAME WHERE PERMISSIONS TYPE...
system  tmp      1010  xxxxxxxxxx  ...

Then provide a prebuilt hierarchy database (the cabinet structure :-),

                               /                    \
           /usr    ....   /home .... /var .... /tmp  > WHERE
          /local         /ftp                       /

  A script could check the security of the system, after or during the
run of a program, to verify decent behaviour, and even reestablish
correct permissions, if so desired  :-)

  Then, before a release... a team installs from scratch, from diskettes
or CD... which must be cleared satisfactorily before a release?

  For quality of a program... the idea of having a script made, that
shows the program passes the bug, is a very good one.  GNU now provides
scripts that do this, that provide simple tests on known reported
failures to programs... so, basically if a bug is reported, a script
is created that shows the bug, if possible.

----------------------------------------------------------------------------
Ørn Einar Hansen                         oe.hansen@halmstad.mail.telia.com
                                          oehansen@daimi.aau.dk
                                    fax; +46 035 217194


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
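
The suid/sgid clearance check proposed in the message above, as an added example that is not part of the original post or of any Debian tool. The `PACKAGE PATH MODE` database format, the sample entries and all function names are assumptions made for illustration; the security-team list and the local administrator's list are merged, as the message suggests.

```python
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID

# Constructed sample entries; the "PACKAGE PATH MODE" format is an assumption.
SECURITY_TEAM_DB = "passwd /usr/bin/passwd 4755\nmount /bin/mount 4755\n"
LOCAL_ADMIN_DB = "local /usr/local/bin/backup 2755\n"

def load_clearance(*texts):
    """Merge clearance lists into {path: (package, allowed_mode)}."""
    cleared = {}
    for text in texts:
        for line in text.splitlines():
            if line.strip():
                package, path, mode = line.split()
                cleared[path] = (package, int(mode, 8))
    return cleared

def scan(root):
    """Yield (path, mode) for regular files under root with suid/sgid set."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report the link itself, never its target
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL:
                yield path, stat.S_IMODE(st.st_mode)

def audit(found, cleared):
    """Return (path, mode, reason) for files that fail the clearance check."""
    findings = []
    for path, mode in found:
        entry = cleared.get(path)
        if entry is None:
            findings.append((path, oct(mode), "not in clearance database"))
        elif (mode & SPECIAL) & ~(entry[1] & SPECIAL):
            findings.append((path, oct(mode), "bits exceed clearance for " + entry[0]))
        elif mode & stat.S_IWOTH:
            findings.append((path, oct(mode), "cleared but world-writable"))
    return findings

if __name__ == "__main__":
    db = load_clearance(SECURITY_TEAM_DB, LOCAL_ADMIN_DB)
    for finding in audit(scan("/usr"), db):
        print(*finding)
```

The audit only reports; resetting permissions automatically, as the message floats, would be a separate step taken after a finding has been reviewed.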