couchdb-commits mailing list archives

From Apache Wiki <>
Subject [Couchdb Wiki] Update of "Test_procedure" by NoahSlater
Date Sun, 10 Mar 2013 20:04:09 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Test_procedure" page has been changed by NoahSlater:

  Only in apache-couchdb-1.2.0/var:
- You may want to take some additional steps to verify the candidate.
+ These are the standard checks and are also performed by the release scripts.
+ However, assume that you cannot trust:
+  * The source code the archive was built from.
+  * The host operating system the archive was built on.
+ An attacker may have compromised either.
+ Accordingly, you should subject the release candidate to a number of your own tests.
  Some ideas:
   * Verify the contents of the generated files.
+    * This could be done by preparing your own reference archive, and comparing the files.
   * Audit the types of file contained within the archive.
+    * Is anything unexpected included in the archive?
-  * Run a virus or exploit scanner on the archive.
+  * Run a virus scanner on the archive.
+    * Are there any known threats detected?
  This part of the process is left to your discretion.
- == Checking the Release Artefacts ==
+ == Checking the Code ==
  Change into your `dist` directory:
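Review bot: The added list says to distrust both the source code and the build host, but the one concrete check added under "Verify the contents of the generated files" (preparing your own reference archive and comparing the files) does not say what the reference archive is built from or on which machine. A reference built from the same source on a separate host would cover a compromised build host but not compromised source, so the bullet should name the source to build from and say which of the two cases each check is meant to cover. Dropping "or exploit" from the scanner bullet and adding "Are there any known threats detected?" limits that check to known threats; say so explicitly if that is the intent. The heading renamed to "Checking the Code" sits directly above "Change into your `dist` directory:", so confirm the section body still matches the new title.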
