----- Original Message -----
> From: "Zdenek Styblik" <zdenek.styb...@gmail.com>
> To: "Ales Ledvinka" <aledv...@redhat.com>
> Cc: "Jim Mank" <jm...@hp.com>, "ipmitool-devel" 
> <ipmitool-devel@lists.sourceforge.net>
> Sent: Friday, January 4, 2013 6:17:49 PM
> Subject: Re: [Ipmitool-devel] code analysis
> 
> On Fri, Jan 4, 2013 at 5:48 PM, Ales Ledvinka <aledv...@redhat.com>
> wrote:
> >
> >> I don't know how much I can help with the fixing, but if I have
> >> time I'll do what I can.
> >
> > You are welcome. Send me mail with the list of files you are going
> > to touch.
> 
> I hope you two will find a better way than this. Like creating tickets
> for these issues at SF.net and using the ``Assigned'' attribute.
Per issue, file or defect type group?

> 
> >
> >> I'm curious as to how you will determine which issues to fix?
> >
> > Reasonable minimal fix. If further questions remain then add some
> > XXX comment.
> >
> 
> Hmm. I feel like the question was about apples and the answer oranges.
> Anyway, I wanted to say I've read: ``I'll hack in fixes'', but that's
> not the word I'm looking for. Sadly, I can't find the English equivalent
> of the word I'm looking for to ``reasonable minimal fix'', but let's say
> I'm looking forward to those code reviews.
Just re-read the "reasonable".

> 
> [...]
> >>
> >> What do you mean when you say you are going to release the report
> >> to the "public" with "the patch"?
> >
> > Once the changes are public it's like releasing the report so I was
> > thinking of attaching it to tracker item with patch to aid review.
> >
> 
> Ales, can you please stop making secrets about something that's not
> secret? ipmitool is open-source. Static analysis, I presume that's
> what you, or Fedora, have used, tools are available to pretty much
> everyone. Also, there are other security issues like over/underflow
> via user input. So I doubt whatever "you" found is worse.
> On the bright side, I'm glad somebody has found time and made an
> effort to run ipmitool through an analysis tool.

Report quality may vary with the analysis tool used. Then it's about
the effort to generate the report, the effort to check whether the
reported item is a security issue or not, and the effort to fix it. These
are not the same thing. Feel free to request the report. And then it's
your decision whether you release it before anything else.

> 
> Z.
> 
> > ------------------------------------------------------------------------------
> > Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
> > much more. Get web development skills now with LearnDevNow -
> > 350+ hours of step-by-step video tutorials by Microsoft MVPs and
> > experts.
> > SALE $99.99 this month only -- learn more at:
> > http://p.sf.net/sfu/learnmore_122812
> > _______________________________________________
> > Ipmitool-devel mailing list
> > Ipmitool-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
> 
