OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Apr 24 20:49:31 UTC 2014
In message <D18165F1-0213-4A1F-96F4-6E0F6F735C69 at cederstrand.dk>,
Erik Cederstrand <erik at cederstrand.dk> wrote:
>As others have pointed out, 'too hard' can also mean 'too hard' to get
>someone with commit access to actually commit the patch and accept the
>risk of introducing new bugs. Case in point: I contributed this
>one-liner patch for ZFS found by Clang Analyzer, adding the __noreturn__
>pragma you also mention: https://www.illumos.org/issues/3363. For 1,5
>years, I have been unable to get anyone from FreeBSD or Illumos to
>commit it or even review it.
Ah! OK. That is a different sort of problem entirely, and one for which
I personally have no suggestion, nor any ready answer.

Regards,
rfg