PHP vulnerabilities?
Eric Rostetter
rostetter at mail.utexas.edu
Wed Jan 5 05:17:12 UTC 2005
Quoting Peter Peltonen <peter.peltonen at iki.fi>:
> Now, I know there are some general instructions floating around how to
> test a FL packages, but could someone sum up a simple list of specific
> things to test for these packages after the new packages are installed?
> Maybe there are some testkits for the holes that have been found or
> something?
See http://www.fedoralegacy.org/wiki/index.php/QaTesting
Basically the mimimum recommended steps are:
* Download the (S)RPMS
* Verify the sha1 checksums for the files you downloaded
* Install the binary RPMS, or rebuild and install the SRPMS, and note any
problems or issues uncovered, if any.
* Use the package(s) as appropriate for the packages, and as you would normally
use them, noting any problems, if any.
* Report your findings in the Bugzilla entry (signed).
You can do more than the above, but the above is sufficient if you don't
have the time and/or expertise to do more.
> > Remember that community projects like fedora legacy are are a two-way
> > street. It's only as good as YOU (yes, I mean *YOU*) make it.
>
> I haven't participated before this, as the testing process has sounded a
> bit complicated and I haven't had the time, but n the followig days I'll
> try to read the instructions and test these packages "in the proper
> Fedora Legacy way".
The "proper" FL way depends on the person doing the testing. Do what you
can, as much or as little as that is.
> As I have not really participated in any open source projects before,
> you will also get a real newbie opinion as well about docs you've provided.
That would be a good thing also. Please do comment back on the docs.
> Regards,
> Peter
--
Eric Rostetter
More information about the fedora-legacy-list
mailing list