
Re: William McVey: Volunteer for the Great Code Sweep

From: Dan Cross <tenser(at)spitfire.ecsel.psu.edu>
Date: Wed Mar 12 1997 - 19:32:47 EST


> Is this effort even still alive? Here's another volunteer. :-)

It's still alive, yes, though it's slowed to a crawl. Mark Murray and I both agree that ``secure'' deserves a clean bill of health. Oddly enough, we found that no changes had to be made in terms of security... It was kind of cool. :-)

> Sigh. I wish I wasn't so busy looking after the release or I'd try to

Unfortunately, we're all in a turbulent state right now. The lite2 merge broke -current, making the task of auditing more difficult in many ways. I'm almost for splitting off the auditing into two waves, one for the 2.2 and 2.1 branches (which are very similar) and a delayed effort for -current to start after the lite2 merge is complete for the userland utilities. If not, we might find a lot of potential bugs that were ``fixed'' in the current code sweep being re-introduced in lite2. Unfortunately, this leads to an unavoidable duplication of effort two or three months down the road, but it might be worth it. Does anyone have any other comments or thoughts on this matter? Personally, I think that this project is of sufficient importance that it's imperative that the auditing NOT become a failure due to lack of interest, and I'll personally volunteer as much time as I can spare to see it through. :-)

A ``chief auditor'' could definitely help things out, but I think a more leak-proof structure for utilizing what brain and finger power is out there now could help. Basically, we need an auditor head for each code section, then two or three auditors to overlap each other and look for bugs. This isn't so that we have people second-guessing each other, but because I firmly believe that no one is perfect, and some bugs are going to get missed by each auditor, but maybe caught by others. Once the auditors agree on the state of a given section, their proposed changes are handed to the reviewers to search for errors and add input. Maybe this is what is supposed to be happening now, but I think that we're lacking in the overlap area, and that's not providing enough checks and balances for each piece of code. Having an auditor-czar to assign sections to people who don't really care is a good thing, but it would also be helpful to assign people who are hip on working on a particular piece of code to that piece of code, in order to maximize that person's interest in what they are doing.

We've got a pretty good sized pool of eager people out there, but as we all know, eagerness is killed by managerial stagnation. :-) The question right now is whether or not this moment in time is a good one for a code audit: I personally say, ``no, wait two months and revisit it. There's too much happening right now.'' but that might sour a lot of folks on helping out. So what do y'all think? I'm interested in other people's thoughts on this more than my own. :-)

God help me, I'm sounding like a manager. :-)

  • Dan C.
Received on Wed Mar 12 16:38:18 1997

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:41:02 EDT
