|
|
|
|
|
|
by gwd
696 days ago
|
|
|
> ...what was the process in place and why did it fail? It appears the process was: 1. Channel files are considered trusted; so no need to sanity-check inputs in the sensor, and no need to fuzz the sensor itself to make sure it deals gracefully with corrupted channel files. 2. Channel files are trusted if they pass a Content Validator. No additional testing is needed; in particular, the channel files don't even need to be smoke-tested on a real system. 3. A Content Validator is considered 100% effective if it has been run on three previous batches of channel files without incident. Now it's possible that there were prescribed steps in the process which were not followed; but those too are to be expected if there is no automation in place. A proper process requires some sort of explicit override to skip parts of it. |
|
|