couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Test_procedure" by NoahSlater
Date Sun, 10 Mar 2013 20:04:09 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Test_procedure" page has been changed by NoahSlater:
http://wiki.apache.org/couchdb/Test_procedure?action=diff&rev1=37&rev2=38

  Only in apache-couchdb-1.2.0/var: Makefile.in
  }}}
  
- You may want to take some additional steps to verify the candidate.
+ These are the standard checks and are also performed by the release scripts.
+ 
+ However, assume that you cannot trust:
+ 
+  * The source code the archive was built from.
+  * The host operating system the archive was built on.
+ 
+ An attacker may have compromised either.
+ 
+ Accordingly, you should subject the release candidate to a number of your own tests.
  
  Some ideas:
  
   * Verify the contents of the generated files.
+    * This could be done by preparing your own reference archive, and comparing the files.
   * Audit the types of file contained within the archive.
+    * Is anything unexpected included in the archive?
-  * Run a virus or exploit scanner on the archive.
+  * Run a virus scanner on the archive.
+    * Are there any known threats detected?
  
  This part of the process is left to your discretion.
  
- == Checking the Release Artefacts ==
+ == Checking the Code ==
  
  Change into your `dist` directory:
  

Mime
View raw message