On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote:
> Publishing them is a bit tricky - I can of course publish them (we scan
> with cppcheck, enhanced gcc warnings, clang and coverity) - but the
> reports may contain some attack vectors - and for inactive packages, it
> would only show the doors to attackers.
Then it's a good thing that attackers don't have any money and can't afford
to buy a checker license themselves.
Hiding bugs doesn't make them go away, and pretending we have tools bad people
don't is a fallacy.
Dave
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
