On Sat, Mar 20, 2010 at 03:40:33PM -0400, Elad Efrat wrote: >>>> If not, I don't think this adds any benefit to your proposal and >>>> is likely to simply be a distraction; I'd urge you in that case >>>> to drop it. >>> >>> Strongly seconded. There are so many great ways to improve NetBSD and >>> wasting time and money on fuzzing is about as suboptimal as it gets. >> >> Um. >> >> First of all, that's not what Thor said; > > Sorry? Are you saying that me agreeing with Thor that unless this > proposal shows some clear advantage over what we already have -- > specifically Coverity Scan -- it should probably be dropped is not > what Thor said?
He was talking about the bounds-checking translation tool part. You were attacking the entire thing. > > second of all, you really > > should not be telling potential gsoc students that their project ideas > > are flatly worthless, even if your judgment were correct; > > I said exactly what I think Which was tactless and rude. If someone comes along with an idea that's basically a waste of time, they should be gently steered towards something else. Students don't always have good ideas; that's why they need mentoring and advising, but you don't mentor and advise very effectively by being hostile and dismissive. Also, outside of the specific gsoc context, we have a long-standing custom in this project to not tell other people what to spend their time on or what is and isn't valuable. > > and third, > > I'm rather surprised that anyone who claims to work on security would > > call testing and analysis tools worthless. > > I don't *claim* anything, David; I *work*, at least as opposed to, > say, assigning bugs to me, claiming for years I'll do something about > them (together with many other grand ideas) and instead fix, I dunno, > whitespace and grammar issues. Take your preaching elsewhere; I > couldn't care less. Is that what you think I do? (And if so, do you really want to get into ad hominems? You're on fairly shaky ground.) > As for the issue at hand, well, I suggest you look at what the > proposal is, what we already have for years, and draw your own > conclusions. Yes, I have; it needs to be fleshed out into a real project proposal (as is to be expected at this stage, after all) but I don't see anything inherently wrong with it so far. -- David A. Holland dholl...@netbsd.org