From owner-freebsd-security@FreeBSD.ORG Wed Apr 23 01:12:18 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3AF656EA for ; Wed, 23 Apr 2014 01:12:18 +0000 (UTC) Received: from outgoing.tristatelogic.com (segfault.tristatelogic.com [69.62.255.118]) by mx1.freebsd.org (Postfix) with ESMTP id 1D33B13A3 for ; Wed, 23 Apr 2014 01:12:17 +0000 (UTC) Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1]) by segfault.tristatelogic.com (Postfix) with ESMTP id B095C3AE0E for ; Tue, 22 Apr 2014 18:12:11 -0700 (PDT) From: "Ronald F. Guilmette" To: freebsd-security@freebsd.org Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole? In-Reply-To: <20140423010054.2891E143D098@rock.dv.isc.org> Date: Tue, 22 Apr 2014 18:12:11 -0700 Message-ID: <10999.1398215531@server1.tristatelogic.com> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2014 01:12:18 -0000 In message <20140423010054.2891E143D098@rock.dv.isc.org>, Mark Andrews wrote: >As for the number of CLANG analysis warnings. Clang has false >positives Please define your terms. I do imagine that the truth or falsehood of your assertion may depend quite substantally on what one does or does not consider a "false positive" in this context. >some of which are impossible to remove regardless of how >you recode the section... I, for one, would dearly love to see one or more concrete examples which purport to support the above assertion (of which I am dubious). Regards, rfg