Re: Static Analysis of OpenLDAP

On Apr 14, 2011, at 3:41 PM, Lynn Gayowski wrote: For the benefit of you and the community, please note that the OpenLDAP Foundation considers this as an open request for those interested in the Klockwork report to contact Klockwork for that report. To the extent that Klockwork and any interested party choose to enter into any sort of agreement, that agreement is between Klockwork and the interested party. The OpenLDAP Foundation, nor the OpenLDAP Project (an organized activity of the OpenLDAP Foundation), would not be a party to that agreement and hence cannot and will not be bound by any such agreement. It must also be noted that the Project requires all contributions (including not just source code) to be publicly disclosable. This is why it won't enter into an agreement precluding it from publishing particular contributions, such as a report. It is the contributors responsibility, not the Project's, to only contribute materials which are publicly disclosable. The Project will publish any and all contributions (it may choose to delay contributions of certain materials (such as "major security issues", but all contributions get published in due course). This note is not intended to dissuade anyone interested in this report from seeking access to the report and/or viewing the report. The note is intended to make clear that those seeking access to such reports are acting on their own behalf, not on the behalf of the OpenLDAP Foundation or the OpenLDAP Project. Regards, Kurt --- Executive Director, OpenLDAP Foundation