On Aug 21, 2007, at 1:27 AM, Pierangelo Masarati wrote:
Domagoj Babic wrote:
Ok, thank you a bunch for the clarification.
This might be especially relevant to buffer overrun checking
exactly
However, Kurt, on the behalf of the OpenLDAP Foundation, explicitly stated that the foundation is not interested in having the code statically checked, so I won't be sending reports (except for one more I have already generated).
I don't think he said exactly that.
He's (mis)characterizing what I said in a private email. I have separately posted clarification.
I believe he said the project is not interested in receiving plain reports just for the purpose of debugging Calysto (nothing personal: only, we're just a few volunteers, and we cannot dedicate too much time in reviewing reports potentially filled by false positives). If you put some effort in separating what could be critical from what isn't likely, any report would be welcome.
I think is your mistake to some extent my earlier public comments. In particular, I was speaking then as an individual. I stated what I, personally, was interested in. Others may have different interests than myself. It was not my intent, in those emails, to speak for collectively for the Project. I leave that to Howard.
For example, I'm reviewing your initial submission and, apart from what's directly related to the clients, there are a couple of reports that may require some action. I'll post about my findings later, on a private basis. Only, I'm not going to do this routinely and too often.
Once Calysto becomes publicaly available, you might actually get in a position where other people will be capable of finding exploits automatically --- every great technology has its dark side :-)
I know. That's why I'm not going to entirely decline the reports you offered to submit.
As I noted in the recent message I sent clarifying the Foundation's recent action, it was the strings attached to his future reports that were declined.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it