OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Ronald F. Guilmette
rfg at tristatelogic.com
Wed Apr 23 01:12:18 UTC 2014
In message <20140423010054.2891E143D098 at rock.dv.isc.org>,
Mark Andrews <marka at isc.org> wrote:
>As for the number of CLANG analysis warnings. Clang has false
>positives
Please define your terms.
I do imagine that the truth or falsehood of your assertion may depend
quite substantally on what one does or does not consider a "false
positive" in this context.
>some of which are impossible to remove regardless of how
>you recode the section...
I, for one, would dearly love to see one or more concrete examples
which purport to support the above assertion (of which I am dubious).
Regards,
rfg
More information about the freebsd-security
mailing list