OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?

Ben Laurie benl at freebsd.org
Wed Apr 23 08:57:50 UTC 2014


On 23 April 2014 02:12, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>
> In message <20140423010054.2891E143D098 at rock.dv.isc.org>,
> Mark Andrews <marka at isc.org> wrote:
>
>>As for the number of CLANG analysis warnings.  Clang has false
>>positives
>
> Please define your terms.
>
> I do imagine that the truth or falsehood of your assertion may depend
> quite substantially on what one does or does not consider a "false
> positive" in this context.
>
>>some of which are impossible to remove regardless of how
>>you recode the section...
>
> I, for one, would dearly love to see one or more concrete examples
> which purport to support the above assertion (of which I am dubious).

So try wading through the morass of false positives yourself and
discover what a joy it is for yourself.


More information about the freebsd-security mailing list