[ros-dev] Bugzilla and Security Audit Documentation

Murphy, Ged (Bolton) MurphyG at cmpbatteries.co.uk
Mon Jan 30 11:45:29 CET 2006


M Bealby wrote:

> Hey all,

Hi Martin

> I have finished my security audit of one of the pieces of code in the
> new svn repository! (/base/services/tcpsvcs/)
> 
> In my audit notes I have listed the problems by simple filename:line,
> flaw, description.  They are also dated.  Is this the same sort of
> documentation you would like in svn and bugzilla too?

I think the best place for this would be bugzilla.
You can group the full audit in one bug.

> On that note, what is happening with bugzilla?  I seem to remember
> someone mentioning that someone was going to go through all the bug
> reports and close any that affected non-audited code.  Is this
> correct?  

I don't know what is happening with bugzilla at the moment. We've lost
WaxDragon now :( 
He used to take care of bugzilla, and all other things related to testing.
You don't want the job, do you?? ;)

> Should I submit my bug report anyway?  I'll write something
> noticeable in the summary field so it is obvious it is to do with the
> security audit.

When you submit it, I'll try to get it fixed straight away.
I expect there to be quite a few fixes as I just threw this code together
quickly to give us something to test with. ;)
 
> Are we going to implement something like Peter's /documentation/ patch?
> If so I will put my security auditing notes in there too.

I don't see any reason to store information which is going to be fixed.
Bugzilla and SVN will take care of the history for us. However, if there is
general audit information in there, then I think it should be treated in the
same manner as the rest and stored in the respective directory accordingly.

Regards,
Ged.








 