On Fri, 26 Oct 2007 07:47:31 -0400 Josh Bressers <bressers redhat com> wrote: > Within Red Hat I care for a suid whitelist. If it's not on the list, > I have to be convinced that it should be. It works rather well > honestly. It would probably make sense to give this task to the > Fedora Security Response Team as it will be them cleaning up the mess > after a "suid gone wild" event. Can you help us draft up a new package review rule that will bring suid things to your attention? I think rpmlint may point out suid files, or could be made to easily. What's missing is a point of contact or a bugzilla keyword or blocker list we set or something. -- Jesse Keating Fedora -- All my bits are free, are yours?
Description: PGP signature