Date: Fri, 25 Apr 2014 23:04:32 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: freebsd-security@freebsd.org Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole? Message-ID: <86iopxm87z.fsf@nine.des.no> In-Reply-To: <20140425175056.GA8508@glaze.hydra> (Chad Perrin's message of "Fri, 25 Apr 2014 11:50:56 -0600") References: <DC2F9726-881B-4D42-879F-61377CA0210D@mac.com> <8783.1398202137@server1.tristatelogic.com> <20140423003400.GA8271@glaze.hydra> <20140423010054.2891E143D098@rock.dv.isc.org> <20140423012206.GB8271@glaze.hydra> <86bnvpoav7.fsf@nine.des.no> <CAG5KPzyTCTbe_vTcP8HDa_KU0agNZQjzVmQ4XnZZjgGFEVnyaQ@mail.gmail.com> <86zjj9mivi.fsf@nine.des.no> <20140425175056.GA8508@glaze.hydra>
next in thread | previous in thread | raw e-mail | index | archive | help
Chad Perrin <code@apotheon.net> writes: > Do you claim that the Clang static analyzer is essentially worthless for > finding and fixing security-related bugs because it is more trouble to > make use of its output than its output is worth, or does it only *seem* > like that is your claim? All I was saying is that 70% of this thread is pointless and that some of the most active participants are talking out of their asses. I won't address the wall of text in your previous reply except to note that you misrepresented my position and argued against a claim I never made. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86iopxm87z.fsf>